Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/20/22 12:03, Miro Hrončok wrote:
On 10. 10. 22 16:32, Ben Cotton wrote:
For the last 20 years or so, RPM has used a home-grown OpenPGP parser
for dealing with keys and signatures. That parser is rather infamous
for its limitations and flaws, and especially in recent years has
proven a significant burden to RPM development. In order to improve
security and free developer resources for dealing with RPM's "core
business" instead, RPM upstream is in the process of deprecating the
internal parser in favor of [https://sequoia-pgp.org/ ; Sequoia PGP]
based solution written in Rust.
At this point the change is mostly invisible in normal daily use.

Which of the following will happen:

1) rpm will gain ExclusiveArch: %{rust_arches}
2) we will stop requiring the above in Rust packages, as Rust is 100% available
3) rpm will %ifarch %{rust_arches} this change
4) something else (what?)

IMHO if we do 1) we could as well do 2) because without rpm, we won't be able to build rpms. 3) seems somewhat tedious for no good reason.

I was under the impression Rust was available for all architectures (for Fedora anyway), no? There's no Rust code in rpm now either this didn't even cross my mind really :D

Technically, I guess the right thing to do is 1) when Sequoia is enabled. Ie:

%if %{with sequoia}
%global crypto sequoia
BuildRequires: rpm-sequoia-devel >= 1.0.0
ExclusiveArch: %{rust_archves}
%else
%global crypto openssl
BuildRequires: openssl-devel
%endif

This is already in rawhide, except for the ExclusiveArch thing.

That said, the non-sequoia options should be considered only a bootstrap aid, we're not going to provide security support for the internal parser for some fringe architectures only.

I'm not sure that answered your questions though.

	- Panu -
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux