On Sat, 2007-01-13 at 20:40 +0200, Ahmed Kamal wrote:
FYI, this yum deltarpm support, is based on that same deltarpm
package
that is made by suse. This suse package can create new rpms from drpm
+ (either ondisk files, or old rpm). Either way, a new rpm is created,
then installed. Never does it replace files directly. Not sure why
this would be bad security wise
It's the construction of the rpm from ondisk files that I don't like.
You lose the ability to sign the rpm that you're installing. Patching
an older rpm is a safer transformation.
I just googled and found an August post to yum-devel about what I think
is this plugin:
https://lists.dulug.duke.edu/pipermail/yum-devel/2006-August/002385.html
Is this right? Is there more recent code? It looks like that code is
tied into up2date so it wouldn't help Fedora users much. It also needs
a server side which implies the mirrors would have to run additional
software to make it functional....
-Toshio