-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2014-04-07 15:15, Dsant wrote:
Are repositories files signed ? I mean, if I mirror one official repository here, and someone change one rpm file, will zypper complain about ?
AFAIK, yes. The rpm signature itself is not currently checked, I understand, but the metadata of the repo contains checksums of each file, and the metadata files are signed. That's how the public mirror infrastructure is verified... no different than your private mirror. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlNCrBYACgkQja8UbcUWM1zNiAEAgTsFNVPYzEsovtQNnDoqTY2f 4g+Qwa4o/LSgmHyQsGwBAI0MXh/qa3XehQtxQKE22UR4PHG7J8qrx7dWW7RcMQSY =b6dr -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org