On Mon, Sep 14, 2009 at 20:29:11 +0300, Jonathan Dieter <jdie...@gmail.com> wrote: > > Sorry, forgot to mention, another option would be to sign the > *uncompressed* data in an rpm, so if the compressed data was different, > it wouldn't matter.
Uncompressing hostile data isn't always a good idea. It is preferable to sign the compressed data when that is what you are handing out. -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
