I believe signatures are checked after packages are rebuilt from deltas. Therefore, if your delta is compromised, the resulting package won't validate with the signature.
On 28 December 2012 11:40, Magnus Therning <[email protected]> wrote: > On Fri, Dec 28, 2012 at 10:31 AM, Allan McRae <[email protected]> wrote: >> On 28/12/12 05:27, Magnus Therning wrote: >>> Do these two features play nice together? >>> >> >> Why wouldn't they? > > No reason beyond that it requires extra code in pacman to make it > work. It could be a thing that's easily overlooked. > > /M > > -- > Magnus Therning OpenPGP: 0xAB4DFBA4 > email: [email protected] jabber: [email protected] > twitter: magthe http://therning.org/magnus -- Sébastien Leblanc
