There are 2 major issues with this: 1) A lot of site-specific build systems implement signing via private/local/proprietary engines, which means those build systems will no longer be able to run on Fedora (and if this spreads to CentOS/RHEL, those too) 2) Even open source providers are still mostly broken, missing core functionality, and largely in a "developers preview" state and years of work away from being anywhere close to stability and reliability of engines. When adding engines support to various systemd tools recently, I tried to use the tpm2 and pkcs11 providers, and just gave up, as there was simply no way to make them work, they are simply not fit for purpose at this stage. -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
