[Rpm-metadata] Re: Rpm-metadata Digest, Vol 16, Issue 4
seth vidal
skvidal at phy.duke.edu
Sun Feb 20 19:52:11 UTC 2005
On Sun, 2005-02-20 at 13:02 -0600, Randy Zagar wrote:
>What makes you think I'm joking?
>
>The RPMs themselves contain SHA-1, MD5 checksums and GPG signatures.
>
>Why shouldn't the XML metadata files contain all relevant software
>validation metadata?
Well, if you want to validate the pkgs you check gpg signatures, not
sha1sums or md5sums.
so instead of just adding more data w/o any real use to the metadata it
would make more sense, to me, to work on gpg signing.
-sv
More information about the Rpm-metadata
mailing list