Re: Libdvdcss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 3 May 2010 20:41:16 -0400, Darr wrote:

> On Mon 03 May 2010 @ 13:29:35 zulu, Michael Schwendt scribed:
> 
> > You two are talking past eachother. There is a problem with the "debug"
> > repo metadata:
> > http://lists.rpmfusion.org/pipermail/rpmfusion-users/2010-February/000610.html
> 
> 
> Yeah...  but as I said in that message back in February, there's no
> real way to tell if the file is "good" and the hash in the XML file is
> incorrect, or if the checksum in the file is correct and the file bad.

"No real way" or "no way"? The package passes RPM verification at least,
so obviously it isn't damaged badly:

$ rpm -Kv libdvdcss-debuginfo-1.2.10-1.i386.rpm 
libdvdcss-debuginfo-1.2.10-1.i386.rpm:
    Header V4 DSA/SHA1 Signature, key ID a109b1ec: OK
    Header SHA1 digest: OK (4e08f7e57efee9566161d1877fd08d8ea18ac243)
    MD5 digest: OK (d772761658ec7217f02475c9d758888c)
    V4 DSA/SHA1 Signature, key ID a109b1ec: OK

And those checksums are independent from the GPG signature (here done
with key ID a109b1ec). That means, you can sign the package with a different
key and still get the same internal RPM checksums. Only the file's checksum
will differ, and that's the one that enters the repodata.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux