Where is it documented how the data in a RPM is laid out? What data is signed in a signed RPM? The reason I ask this question is the following: In keeping with the original UNIX "many small tools" philosophy, imagine the following 2 utilities: rpmdetachsig: Takes a rpm together with the gpg keys and a passphrase from user it goes through the exact same procedure as "rpm --addsign" goes through but instead of creating a signed rpm, creates a DETACHED signature for the rpm's data. The detached signature is output to a separate file. rpmadddetachedsig: takes an rpm together with the detached signature produced by rpmdetachsig, and creates another rpm but signed, just like it had been signed by "rpm --addsign" in one operation. Using these utilities, the buildservice could implement the following procedure for developers that want to sign their rpms: Developers download their rpm and use rpmdetachsig to create a detached signature. They then upload the detached signature back to the build service. The Build service adds the developer's detached signature to the published rpm (with rpmadddetachedsig). The build service also adds its own signature to the rpm to indicate that the rpm was indeed built with the data on the build service. This procedure (if possible) has the following advantages: The developers never have to trust the build service with their secret keys, because the signature creation is done on the developer's own computer. This is important because many people are unwilling to trust anyone else with their secret key--properly so. The Build service knows that the data it publishes was built on the build server! It accepted the detached signature from the developer but the rpm on the build service never left the custody of the build service! -- Paul Elliott 1(512)837-1096 pelliott@io.com PMB 181, 11900 Metric Blvd Suite J http://www.io.com/~pelliott/pme/ Austin TX 78758-3117