(aside) Hmmm mac.com gets flakier and flakier prior to WWDC, sigh.
Not seen this msg come across, apologies if duplicate.
Begin forwarded message:
> From: Jeff Johnson <n3npq@mac.com>
> Date: June 4, 2008 10:02:35 AM EDT
> To: rpm-devel@rpm5.org
> Subject: Adding signed files to payloads?
>
> All the infrastructure is in place @rpm5.org to add signed files
> to payloads, with signature verification during install.
>
> An implementation for per-file signatures would use base64 encoding of
> RFC-4880 signature packets stored as strings in RPMTAG_FILEDIGESTS
> (which I will likely rename as the contents get repurposed).
>
> The remaining part of the implementation would be to
> run DSA/RSA on the file digest that is already being computed
> when a file is installed, which is already done in several places.
>
> The signature would be populated by adding another %attr, say,
> %filesignature(...)
> where ... is either a URI to a detached signature (preferred) or
> a base64 string (for those who simply must have everything
> in the specfile directly).
>
> Should I proceed? I'm likely to look at per-file encryption
> at the same time.
>
> 73 de Jeff
>
>
Received on Wed Jun 4 17:22:18 2008
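
An added illustration, not part of the original message and not rpm5.org code: decoding one base64 string of the kind the proposal would store per file, and reading the RFC 4880 signature packet fields (version, signature type, public-key and hash algorithm) a verifier would inspect before running DSA/RSA. The function names and the sample packet are constructed for this example, and no signature is verified.

```python
import base64
PUBKEY_ALGOS = {1: "RSA", 17: "DSA"}  # RFC 4880 section 9.1
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}  # section 9.4

def split_packet(raw):  # returns (tag, body) of the first OpenPGP packet
    if not raw or not raw[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if raw[0] & 0x40:  # new-format header
        tag, o1 = raw[0] & 0x3F, raw[1]
        if o1 < 192:
            length, off = o1, 2
        elif o1 < 224:
            length, off = ((o1 - 192) << 8) + raw[2] + 192, 3
        elif o1 == 255:
            length, off = int.from_bytes(raw[2:6], "big"), 6
        else:
            raise ValueError("partial body length not accepted")
    else:  # old-format header
        tag, ltype = (raw[0] >> 2) & 0x0F, raw[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not accepted")
        width = 1 << ltype
        length, off = int.from_bytes(raw[1:1 + width], "big"), 1 + width
    body = raw[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def describe_file_signature(b64_string):  # header fields of one stored string
    try:
        tag, body = split_packet(base64.b64decode(b64_string, validate=True))
        if tag != 2:
            raise ValueError("not a signature packet (tag %d)" % tag)
        if body[0] == 4:
            sigtype, pubkey, hashalgo = body[1], body[2], body[3]
        elif body[0] == 3 and body[1] == 5:
            sigtype, pubkey, hashalgo = body[2], body[15], body[16]
        else:
            raise ValueError("unsupported signature version")
    except IndexError:
        raise ValueError("truncated packet") from None
    return {"version": body[0], "sigtype": sigtype,
            "pubkey": PUBKEY_ALGOS.get(pubkey, pubkey),
            "hash": HASH_ALGOS.get(hashalgo, hashalgo)}

# Constructed sample, not a real signature: v4, binary document, DSA, SHA1.
SAMPLE = base64.b64encode(bytes([0xC2, 13, 4, 0, 17, 2, 0, 0, 0, 0,
                                 0xAB, 0xCD, 0, 8, 0xFF])).decode()
```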