I believe signatures are checked after packages are rebuilt from deltas. Therefore, if your delta is compromised, the resulting package won't validate with the signature.
On 28 December 2012 11:40, Magnus Therning <mag...@therning.org> wrote: > On Fri, Dec 28, 2012 at 10:31 AM, Allan McRae <al...@archlinux.org> wrote: >> On 28/12/12 05:27, Magnus Therning wrote: >>> Do these two features play nice together? >>> >> >> Why wouldn't they? > > No reason beyond that it requires extra code in pacman to make it > work. It could be a thing that's easily overlooked. > > /M > > -- > Magnus Therning OpenPGP: 0xAB4DFBA4 > email: mag...@therning.org jabber: mag...@therning.org > twitter: magthe http://therning.org/magnus -- Sébastien Leblanc
