On Fri, Jan 16, 2026 at 5:13 PM Michael J Gruber <[email protected]> wrote: > > Alternatively, the gpgverify macro could call `sqv` directly, keeping > the macro call signature as is.
Maybe yes. Switching the default to sqv would even have resulted in a quite nice reduction of the default buildroot (dropping nettle, gnutls, tpm stuff, etc.) ... but then RPM decided to add a hard dependency on gnupg2. :sad face: https://bugzilla.redhat.com/show_bug.cgi?id=2360992 > I mean, if we use sq for rpm signatures we can use it for source tarball > checks by default, can't we? Small correction: For rpm signatures, rpm-sequoia is used (a shared library), not sq (the executable from sequoia-sq). But both are built on top of the sequoia-openpgp Rust library. Fabio -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
