On Tue, Jul 17, 2012 at 05:31:40PM +0200, Marcus Hüwe wrote:
Hi,
some days ago darix and I had a small discussion about verifying the integrity of the downloaded packages which are used for local builds. The idea is that we add a checksum for each package to the buildinfo xml so that a client/osc can "easily" check if the downloaded file is corrupted. For instance we could add the hdrmd5 to buildinfo (this would require only a small change in the backend) or alternatively we add the md5 of the whole package to the buildinfo (this would probably require a bigger change in the backend). The advantage of the latter is that it is much easier to verify for the client (but then I don't think there are many clients which deal with the buildinfo at all...).
Any opinions?:)
I thought there is RPM key checking done already? At least it asks me for the keys.. This could be reused for this. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org