On Mon, 3 May 2010 20:41:16 -0400, Darr wrote: > On Mon 03 May 2010 @ 13:29:35 zulu, Michael Schwendt scribed: > > > You two are talking past eachother. There is a problem with the "debug" > > repo metadata: > > http://lists.rpmfusion.org/pipermail/rpmfusion-users/2010-February/000610.html > > > Yeah... but as I said in that message back in February, there's no > real way to tell if the file is "good" and the hash in the XML file is > incorrect, or if the checksum in the file is correct and the file bad. "No real way" or "no way"? The package passes RPM verification at least, so obviously it isn't damaged badly: $ rpm -Kv libdvdcss-debuginfo-1.2.10-1.i386.rpm libdvdcss-debuginfo-1.2.10-1.i386.rpm: Header V4 DSA/SHA1 Signature, key ID a109b1ec: OK Header SHA1 digest: OK (4e08f7e57efee9566161d1877fd08d8ea18ac243) MD5 digest: OK (d772761658ec7217f02475c9d758888c) V4 DSA/SHA1 Signature, key ID a109b1ec: OK And those checksums are independent from the GPG signature (here done with key ID a109b1ec). That means, you can sign the package with a different key and still get the same internal RPM checksums. Only the file's checksum will differ, and that's the one that enters the repodata. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
