This kind of branches out into three questions. 

1) What types of keys and standards do we require for Gentoo package
management and infrastructure (i.e. GLEP 63)?

> What I think makes sense right now is to update GLEP 63 to require
> RFC4880 compliant keys, with some explicitly permitted extensions (like
> curve 25519 support). 

This makes sense here. The current v4 is not "badly broken" in any way that
I know of at the moment. So let's stick to it as much as possible for now
and allow some minimal functional extensions, which are ideally compatible
with all the software out there.

2) What software do we need / want to package in the Gentoo repo?

Obviously something that handles 1). Beyond that, we *want* to have as
much coverage as possible. I'm very reluctant to suggest patching GnuPG
with a custom patchset made by ourselves in Gentoo.

That said... According to the FreePG website, their patchset is by now
already used in GnuPG by (in order of impact)
 * Fedora
 * Debian & Ubuntu
 * Arch
 * NixOS

So, an obvious approach would be to start talking to these maintainers and
asking how they handle things. And if they have the hours and know-how
for a detailed review.
Once all (yes, above list plus us would be close to that) Linux distros use
a patchset, it's effectively a fork.

3) What else can we do to fix the mess?

Apply some not-so-subtle pressure to people to find a compromise. Not sure
how yet. Technical issues can be fixed. Egos not so much.


-- 
Andreas K. Hüttel
[email protected]
Gentoo Linux developer 
(council, comrel, toolchain, base-system, perl, libreoffice)
https://wiki.gentoo.org/wiki/User:Dilfridge
