> > > > > > > > Yes, this is a known - or not so well known - limitation. As
> > > > > > > > the signature check is basically done by hand it lack a lot of
> > > > > > > > feature one would expect of GPG proper.
> > > > > > >
> > > > > > >
> > > > > > > Can we (as an option) use a third-party library, such as
> > > > > > > [rpgp](/rpgp/rpgp)?
> > > > > >
> > > > > >
> > > > > > Rust is not acceptable due to its weak portability.
> > > > >
> > > > >
> > > > > Writing a full PGP packet parser in C is too risky, IMO. GPG itself
> > > > > had a buffer overflow not too long ago. We can always detect at
> > > > > compile-time if the Rust library is available, and fall back to the
> > > > > built-in parser if it is not.
> > > >
> > > >
> > > > The issue is that RPM has to work on _everything_. RPM is used on
> > > > Linux, Windows (!!!), OS/2 (!!!!!), AIX, IRIX, macOS, and so on.
> > > > Several of these platforms cannot use Rust or will never get Rust ports.
> > >
> > >
> > > I had not thought of that. Does LLVM support all of those platforms? If
> > > so, a `#[no_std]` build of rpgp (that is, one that doesn’t use the
> > > standard library) should work on them.
> >
> >
> > It does not. Most of them will likely never receive an LLVM port, because
> > they're not considered important enough to receive it, and GCC already
> > exists. This is one of the unfortunate downsides to Rust being an
> > underspecified language that cannot support multiple conforming
> > implementations.
>
> At the very least, we can use a Rust library on the platforms that support it
> (most of the important ones) and use our built-in implementation on the
> others. We should also consider dropping IRIX and probably OS/2 support, as
> both have been discontinued.
>
That probably provides no material benefit for us. IRIX, AIX, and other
Unix-types are supported by community contributors. OS/2 support is maintained
_mostly_ out of tree, but we don't need to make their lives considerably harder
if we don't have to.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1306#issuecomment-751387145
_______________________________________________
Rpm-maint mailing list
[email protected]
http://lists.rpm.org/mailman/listinfo/rpm-maint
