Hi, I agree that this should be the default behavior, however, checking based on both filesize and checksum can be turned on today by using the '--validate true'. Validating against the feed repo signing key or updating the default behavior would be a really good feature request for https://pulp.plan.io/projects/pulp_rpm/issues/new. Regards,
-Barnaby On 04/30/2015 03:57 AM, [email protected] wrote: > > since all of this information is available > > on feed sync: would it not be worth checksumming the download and taking > > action (probably electing to ignore the package) if for whatever reason > > a checksum is inconsistent? > > > I agree with this suggestion, but would like the checking to be made even > stronger. > > I would prefer that the package signature is checked against the repo > signing key to be sure that the package hasn't been tampered with or been > corrupted along the way. > > Ben Stanley. > > > _______________________________________________ > Pulp-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/pulp-list > _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
