Hi all, rpm 4.18 is on the horizon and includes a new OpenPGP backend based on Sequoia PGP.
https://rpm.org/wiki/Releases/4.18.0 https://sequoia-pgp.org/ Thanks to Fabio Valentini (decathorpe) for packaging not only rpm-sequoia, but all of the Sequoia packages for Fedora. https://copr.fedorainfracloud.org/coprs/decathorpe/sequoia-test-builds/package/rust-rpm-sequoia/ With this note, I'd firstly like to make the Fedora community more aware of this project. (I don't think it has been mentioned here yet.) Second, although the internal OpenPGP backend is still the default backend, it will be removed in rpm 4.19: https://github.com/rpm-software-management/rpm/issues/1935 It is probably best to start the transition as soon as possible to work out any kinks. In that vein, I'd like to offer my help. Making this type of change needs to be done carefully. Perhaps these are questions or concerns. I'd like to hear them and respond to them. There is also technical work that needs to be done. I'm more of a developer than a packager, but if Fedora decides to use the Sequoia backend, I'd like to offer my help in any way I can. Note: Sequoia currently uses Nettle on Fedora, but there is ongoing work to port it to Sequoia to OpenSSL: https://github.com/rpm-software-management/rpm/issues/2041#issuecomment-1219175000 Note2: There are lots of reasons to use Sequoia, but one user-visible reason is improved usability. When a user imports a certificate, Sequoia lints it and displays potential issues, or reasons why it can't be imported: https://github.com/rpm-software-management/rpm/issues/1974#issuecomment-1081779174 $ rpm --import peter-expired-backsig.pgp Certificate 251C20A67D942D45: Policy rejects subkey CB4F47D30C8C9CE1: Expired on 2020-05-08T05:11:51Z Certificate does not have any usable signing keys Whereas before rpm would just say: error: peter-expired-backsig.pgp: key 1 import failed. Thanks, :) Neal _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
