On Fri, 24 Nov 2023 at 16:49, Mark Hatle <[email protected]> wrote:
> You missed the option of going onto the RPM mailing list, explaining our
> use-case and why RUST isn't appropriate for our default crypto needs.
>
> In the past the RPM maintainers have been receptive to our needs and factored
> them into the changes, I suspect part of the reason they may have deprecated it
> is explicitly to get feedback from otherwise silent users of RPM.

Upstream describes it thusly:

"For the last 20 years or so, RPM has used a home-grown OpenPGP parser for dealing with keys and signatures. That parser is rather infamous for its limitations and flaws, and especially in recent years has proven a significant burden to RPM development. In order to improve security and free developer resources for dealing with RPM's "core business" instead, RPM upstream is in the process of deprecating the internal parser in favor of Sequoia PGP based solution written in Rust."

There's also an extended description of why they're doing this:
https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/

Please read it, before you start typing an answer here.

I do not think they're going to be receptive to the idea that sequoia is not acceptable to some users because it takes too long to build rust and clang. Their core consumer is Fedora and RHEL, and maybe SUSE, and for them it doesn't matter. The best we can hope for is a switch to disable support for rpm signature verification altogether, which would also not require sequoia and its build tools.

The maintainers you refer to was probably that one person doing the weird rpm 5.x fork. Ever since we reverted to 4.x from Red Hat (driven by smart being abandoned and dnf the only realistic option), the relationship with Panu and friends has been aloof at best.

So please, do file a ticket, because I'm fully convinced they're going to laugh me out of the room if I try:
https://github.com/rpm-software-management/rpm/issues

Alex
