On 09/20/2016 11:00 PM, Burton, Ross wrote:


On 20 September 2016 at 09:15, Hongxu Jia <hongxu....@windriver.com <mailto:hongxu....@windriver.com>> wrote:

    -Upstream-Status: Submitted [Sent email to rpm-de...@rpm5.org
    <mailto:rpm-de...@rpm5.org>]
    +Upstream-Status: Rejected [Sent email to rpm-de...@rpm5.org
    <mailto:rpm-de...@rpm5.org>]
    +http://rpm5.org/community/rpm-devel/5655.html
    <http://rpm5.org/community/rpm-devel/5655.html>


Considering upstream has explicitly rejected this patch, why should we accept it?


From his reply, he will remove "SUPPORT_NOSIGNATURES" code in future:
----------------
Note that all the code marked with "SUPPORT_NOSIGNATURES" is targeted
for removal. RPM5 has been producing MANDATORY signed packages for
more than 5 years, so all packages produced by RPM5 SHOULD have
both verifiable signatures/pubkeys included for many years now.

Your alternative (of course) is to re-patch rpm to re-add --nosignatures as
you wish: I will be happy to send you the needed patch when I remove
all the SUPPORT_NOSIGNATURES code.
----------------

If we need to support --nosignatures, we have to re-patch rpm locally.
We could drop it after upstream removes "SUPPORT_NOSIGNATURES"
code.

//Hongxu

Ross


-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Reply via email to