On Fri, Nov 24, 2023 at 5:36 PM Alexander Kanavin <[email protected]> wrote: > > On Fri, 24 Nov 2023 at 16:49, Mark Hatle <[email protected]> > wrote: > > You missed the option of going onto the RPM mailing list, explaining our > > use-case and why RUST isn't appropriate for our default crypto needs. > > > > In the past the RPM maintainers have been receptive to our needs and > > factored > > them into the changes, I suspect part of the reason they may have > > deprecated it > > is explicitly to get feedback from otherwise silent users of RPM. > > Upstream describes it thusly: > "For the last 20 years or so, RPM has used a home-grown OpenPGP parser > for dealing with keys and signatures. That parser is rather infamous > for its limitations and flaws, and especially in recent years has > proven a significant burden to RPM development. In order to improve > security and free developer resources for dealing with RPM's "core > business" instead, RPM upstream is in the process of deprecating the > internal parser in favor of Sequoia PGP based solution written in > Rust. " > > There's also an extended description of why they're doing this: > https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/ > > Please read it, before you start typing an answer here. >
Having had to touch OpenPGP integration in the previous lives, I'm not really sure I blame them. > I do not think they're going to be receptive to the idea that sequoia > is not acceptable to some users because it takes too long to build > rust and clang. ISTM that rust (and the inevitable dependency chain) is what we're going to have to live with in the not too distant future, not just for rpm... heck I'm no rust programmer, but it's what I moved our codebase to and the skills I chose to hire; carrying around rust and clang (for bindgen) is something we ended up doing. At the same time, I completely get the cost of carrying this... I guess mostly I don't have to pay that tax as we're not tracking master :| -- Alex Kiernan
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1868): https://lists.openembedded.org/g/openembedded-architecture/message/1868 Mute This Topic: https://lists.openembedded.org/mt/102780086/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-architecture/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
