-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Require that deltarpms be v3 and signed #1466
Comments
I am really sorry but I do not know what we can do with it or what plans are for deltarpm in future. We believe that verification will be not easy and we would prefer if a library or deltarpm will do it for us. |
@j-mracek deltarpm does not have any signature verification functionality. Verification can be handled by librpm itself, as with normal RPMs. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
v3 deltarpms can be signed, and libdnf should verify the signature before passing them to drpm. The payload digest will be wrong, but that is okay since the header+payload signature can still be validated. This means that header+payload signatures will be required for deltarpms.
The text was updated successfully, but these errors were encountered: