On 25/06/07, Brian Gupta <brian.gupta at gmail.com> wrote: > Package Signatures > RPM Packages have support for MD5 and OpenPGP signatures stored > right in the files.
Solaris packages support digital signing too. > Package Verification > RPM has the ability to verify installed packages to detect > corruption and or tampering. RPM checks the permissions, ownership, > md5 checksums, and size of each file. You can use bart and pkgchk in combination to do this: http://blogs.sun.com/gbrunett/entry/integrating_solaris_10_bart_and > Package Documentation > I used to keep a notebook with the instructions for creating every > package I built. This included configure options, files that needed > patching, etc. I would always forget if there was some quirk about the > software the next time I had to build it not to mention optional > things that were enabled or disabled. > > The beauty of RPM is that all of that information is stored in the > Source RPM when the package is built. That basically makes it > self-documenting. This is not necessarily true. I think the key thing here is that you *can choose* to place the information in the SPEC file for the srpm, but you're not required to. However, thanks to pkgbuild, we have many of these advantages while still using Solaris packages. -- "Less is only more where more is no good." --Frank Lloyd Wright Shawn Walker, Software and Systems Analyst binarycrusader at gmail.com - http://binarycrusader.blogspot.com/
