On Wed, Jun 25, 2008 at 9:25 PM, Jeff Johnson <n3npq@mac.com> wrote:

>
> On Jun 25, 2008, at 3:10 PM, Tim Mooney wrote:
>
>
>> :-)  I personally don't care about the loss of vendor signatures.  Since
>> I'm not very familiar with RPM internals, I'm not sure what all the
>> implications are for the loss of header+payload MD5, but I'm guessing
>> most RPM users won't care.
>>
>>
> Well you may not *think* you care, but this thread (like most) points out
> that
> vendor *.rpm packages cannot be resigned with modern RPM.
>
> Modern == what has been widely deployed for 6+ years.
>
> Until vendors change their packaging, the existence (or not)
> of a converter changes nothing whatsoever. Lusers will download
> vendor *.rpm packages and be surprised that they cannot resign.


Why lusers want to resign package they have not created in first place: if
they want signed package, well, they have to ask the vendor alongside the
pub key - they have already paid anymore.

I am perhaps a lusers, more yes that not, but i don't do this never.

Best Regards

>
> ______________________________________________________________________
> RPM Package Manager                                    http://rpm5.org
> Developer Communication List                        rpm-devel@rpm5.org
>