rpm with sequoia pgp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi all,

rpm 4.18 is on the horizon and includes a new OpenPGP backend based on
Sequoia PGP.

  https://rpm.org/wiki/Releases/4.18.0
  https://sequoia-pgp.org/

Thanks to Fabio Valentini (decathorpe) for packaging not only
rpm-sequoia, but all of the Sequoia packages for Fedora.

  https://copr.fedorainfracloud.org/coprs/decathorpe/sequoia-test-builds/package/rust-rpm-sequoia/


With this note, I'd firstly like to make the Fedora community more
aware of this project.  (I don't think it has been mentioned here
yet.)

Second, although the internal OpenPGP backend is still the default
backend, it will be removed in rpm 4.19:

  https://github.com/rpm-software-management/rpm/issues/1935

It is probably best to start the transition as soon as possible to
work out any kinks.

In that vein, I'd like to offer my help.  Making this type of change
needs to be done carefully.  Perhaps these are questions or concerns.
I'd like to hear them and respond to them.  There is also technical
work that needs to be done.  I'm more of a developer than a packager,
but if Fedora decides to use the Sequoia backend, I'd like to offer my
help in any way I can.



Note: Sequoia currently uses Nettle on Fedora, but there is ongoing
work to port it to Sequoia to OpenSSL:

  https://github.com/rpm-software-management/rpm/issues/2041#issuecomment-1219175000

Note2: There are lots of reasons to use Sequoia, but one user-visible
reason is improved usability.  When a user imports a certificate,
Sequoia lints it and displays potential issues, or reasons why it
can't be imported:

  https://github.com/rpm-software-management/rpm/issues/1974#issuecomment-1081779174

  $ rpm --import peter-expired-backsig.pgp
  Certificate 251C20A67D942D45:
    Policy rejects subkey CB4F47D30C8C9CE1: Expired on 2020-05-08T05:11:51Z
    Certificate does not have any usable signing keys

Whereas before rpm would just say:

  error: peter-expired-backsig.pgp: key 1 import failed.

Thanks,

:) Neal
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux