Re: RPM Sequoia: A Sequoia-based backend for the RPM Package Manager

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 4/27/23 3:51 AM, Neal H. Walfield wrote:
Hi all,

A year and a half ago, I began working with Panu on using Sequoia as
RPM's OpenPGP parser.  I wrote up our journey from the initial
analysis, to adding the code to RPM, and to getting it into Fedora 38
(yay!) in a blog post.  I'm mentioning it here, as I believe it is of
general interest to this community.  If this is considered off topic,
I apologize in advance.

  https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/

Thanks Neal.

A good read indeed.

I do wonder about the error message:

because: SHA1 is not considered secure since 1970-01-01T00:00:00Z

I'm not sure where the date came from, but SHA1 wasn't published until 1993. 1970-01-01 looks like an epic of some kind. If you must include a 'not considered secure' date it should be something between 2010 and 2017 (2010 when peole started worrying about sha1, 2011 and 2013 when NIST said 'stop using it' and 2017 when Google (ironically - since they are the ones still signing packages with it) actually broke it). Probably best to drop the not considered secure if the received date is null.

Bob

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue



_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux