On Mon, Sep 5, 2022 at 10:12 AM Alexander Sosedkin <asosedki@xxxxxxxxxx> wrote: > > Quoting Neal H. Walfield (2022-09-02 16:31:18) > > rpm 4.18 is on the horizon and includes a new OpenPGP backend based on > > Sequoia PGP. > > > > https://rpm.org/wiki/Releases/4.18.0 > > https://sequoia-pgp.org/ > > > > Thanks to Fabio Valentini (decathorpe) for packaging not only > > rpm-sequoia, but all of the Sequoia packages for Fedora. > > > > https://copr.fedorainfracloud.org/coprs/decathorpe/sequoia-test-builds/package/rust-rpm-sequoia/ > > > > > > With this note, I'd firstly like to make the Fedora community more > > aware of this project. (I don't think it has been mentioned here > > yet.) > > > > Second, although the internal OpenPGP backend is still the default > > backend, it will be removed in rpm 4.19: > > > > https://github.com/rpm-software-management/rpm/issues/1935 > > > > It is probably best to start the transition as soon as possible to > > work out any kinks. > > > > In that vein, I'd like to offer my help. Making this type of change > > needs to be done carefully. Perhaps these are questions or concerns. > > I'd like to hear them and respond to them. There is also technical > > work that needs to be done. I'm more of a developer than a packager, > > but if Fedora decides to use the Sequoia backend, I'd like to offer my > > help in any way I can. > > > > > > > > Note: Sequoia currently uses Nettle on Fedora, but there is ongoing > > work to port it to Sequoia to OpenSSL: > > > > https://github.com/rpm-software-management/rpm/issues/2041#issuecomment-1219175000 > > Mind the > https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies > > Will we need to introduce a configuration mechanism to limit algorithm > selection in Sequoia PGP? Or just wait untl it switches to OpenSSL? Isn't this handled at the level of the crypto library? OpenPGP uses nettle for cryptography purposes, shouldn't *that* follow system crypto policy, just as OpenSSL does? For example, I don't see anything related to crypto policies in the gnupg2 package, either. Fabio _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
