Re: rpm with sequoia pgp

On Mon, Sep 5, 2022 at 10:12 AM Alexander Sosedkin <asosedki@xxxxxxxxxx> wrote:
>
> Quoting Neal H. Walfield (2022-09-02 16:31:18)
> > rpm 4.18 is on the horizon and includes a new OpenPGP backend based on
> > Sequoia PGP.
> >
> >   https://rpm.org/wiki/Releases/4.18.0
> >   https://sequoia-pgp.org/
> >
> > Thanks to Fabio Valentini (decathorpe) for packaging not only
> > rpm-sequoia, but all of the Sequoia packages for Fedora.
> >
> >   https://copr.fedorainfracloud.org/coprs/decathorpe/sequoia-test-builds/package/rust-rpm-sequoia/
> >
> >
> > With this note, I'd firstly like to make the Fedora community more
> > aware of this project.  (I don't think it has been mentioned here
> > yet.)
> >
> > Second, although the internal OpenPGP backend is still the default
> > backend, it will be removed in rpm 4.19:
> >
> >   https://github.com/rpm-software-management/rpm/issues/1935
> >
> > It is probably best to start the transition as soon as possible to
> > work out any kinks.
> >
> > In that vein, I'd like to offer my help.  Making this type of change
> > needs to be done carefully.  Perhaps there are questions or concerns.
> > I'd like to hear them and respond to them.  There is also technical
> > work that needs to be done.  I'm more of a developer than a packager,
> > but if Fedora decides to use the Sequoia backend, I'd like to offer my
> > help in any way I can.
> >
> >
> >
> > Note: Sequoia currently uses Nettle on Fedora, but there is ongoing
> > work to port it to OpenSSL:
> >
> >   https://github.com/rpm-software-management/rpm/issues/2041#issuecomment-1219175000
>
> Mind the
> https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies
>
> Will we need to introduce a configuration mechanism to limit algorithm
> selection in Sequoia PGP? Or just wait until it switches to OpenSSL?

Isn't this handled at the level of the crypto library?
OpenPGP uses nettle for cryptography purposes, shouldn't *that* follow
system crypto policy, just as OpenSSL does?
For example, I don't see anything related to crypto policies in the
gnupg2 package, either.

Fabio