On Wed, 5 May 2010 03:11:53 -0400, Darr wrote: > On Tue 04 May 2010 @ 08:59:01 zulu, Michael Schwendt scribed: > > > > And those checksums are independent from the GPG signature > > (here done with key ID a109b1ec). That means, you can sign the > > package with a different key and still get the same internal RPM > > checksums. Only the file's checksum will differ, and that's the > > one that enters the repodata. > > > non-sequitur. > I don't see what that proves, since all the other files appear to have been > signed with key ID a109b1ec, too. Prior to running createrepo or afterwards? > So, why would the checksums in the > repodata's primary.xml files be wrong for only those debuginfo packages? It could be that those packages have been signed (or resigned) without rerunning createrepo. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
