Yeah both the documentation and the integration with the rest of rpm for that
major feature is tragically inadequate. The technical side of the format change
was covered in
https://rpm-software-management.github.io/rpm/manual/hregions.html back then,
but there's never been any UI to this featur
Wow, there's a ton of things I've never known about even though I've been an
avid user of `rpm -V`. Thank you very much for the information!
I've just double checked `man rpm` and nothing that you've written is there, so
please forgive me for this intrusion.
@pmatilai
My final question is wha
Closed #2671 as completed.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2671#event-10458820245
You are receiving this because you are subscribed to this thread.
Message ID:
___
Rpm-maint m
> This results in an ability to verify the integrity of the installed files and
> whether they have been tampered with because it's relatively easy to modify
> `rpmdb.sqlite` to make it look like files on the disk are pristine and the
> system is running normally without any malware, etc.
I don
> The issue however is neither Fedora, nor RHEL keeps intermediate update
> packages on the server, so it's quite a common configuration to have packages
> are installed where the source Fedora/RHEL packages cannot be downloaded or
> found anywhere on the Internet since they have been deprecated
Let's talk about a major security issue which I think is very important, yet is
not currently solved in any shape or form.
RPM packages can be signed, and Fedora and RHEL packages are.
The issue however is neither Fedora, nor RHEL keeps intermediate update
packages on the server, so it's quite