[Rpm-metadata] creaping featurism

Daniel Veillard veillard at redhat.com
Sun Nov 9 17:48:34 EST 2003

On Sun, Nov 09, 2003 at 04:59:16PM -0500, seth vidal wrote:
> Hi,
>  Just realized something that might be useful in the rpm metadata.
> Would that be useful
> Signature list: with a list of the types of signatures in the rpm.
> Especially so you can just have a simple entry for 'gpg signed, or not'
> or whatever.
> So for example:
> <signatures>
>   <sig type="md5">value</sig>
>   <sig type="sha" key>value</sig>
>   <sig type="gpg">key id</sig>
> </signatures>
> would that be useful?
> maybe it doesn't make sense to represent it that way.
> open to comments or suggestions that say "this is dumb, move along" :)

  Those metadata are useful, but not for the process of building a distributed
transaction solver. Why should we add them to the metadata description ?
IMHO extracting them is fine, but they are not needed for this purpose
so at best it should be optional.
  Also note that the MD5 is confusing for users, they think it's the
package md5 while it means the payload MD5 in RPM at least,


Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard at redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

More information about the Rpm-metadata mailing list