rpm with sequoia pgp

2022-09-02 Thread Neal H. Walfield
Hi all, rpm 4.18 is on the horizon and includes a new OpenPGP backend based on Sequoia PGP. https://rpm.org/wiki/Releases/4.18.0 https://sequoia-pgp.org/ Thanks to Fabio Valentini (decathorpe) for packaging not only rpm-sequoia, but all of the Sequoia packages for Fedora.

Re: RPM Sequoia - respect system's crypt policy

2022-10-17 Thread Neal H. Walfield
On Thu, 13 Oct 2022 09:29:27 +0200, Panu Matilainen wrote: > >> - Some old, insecure (MD5/SHA1 based) signatures are rejected (this is > >> in line with the stronger crypto settings proposed elsewhere for F38) > > > > Such a hardcoded restriction, without a way for the local administrator to > >

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

2022-10-14 Thread Neal H. Walfield
On Fri, 14 Oct 2022 18:28:01 +0200, Simo Sorce wrote: > At this time, as far as I know, there is no OpenPGP work of any kind on > supporting PQC algorithms. The German BSI contracted MTG AG to design and implement PQC for OpenPGP. They presented their work at IETF 113, and at the OpenPGP email

Re: rpm with sequoia pgp

2022-09-05 Thread Neal H. Walfield
On Mon, 05 Sep 2022 10:12:23 +0200, Alexander Sosedkin wrote: > Mind the > https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies > > Will we need to introduce a configuration mechanism to limit algorithm > selection in Sequoia PGP? Or just wait until it switches to OpenSSL?

Re: rpm with sequoia pgp

2022-09-05 Thread Neal H. Walfield
Hi Dan, On Mon, 05 Sep 2022 14:18:05 +0200, Dan Čermák wrote: > "Neal H. Walfield" writes: > As Sequoia is written in Rust, what is your RISCV story? Fedora is (at > least that's my impression) a quite popular choice for RISCV boards, so > rpm working on RISCV would be

Re: rpm with sequoia pgp

2022-09-05 Thread Neal H. Walfield
Hi Paul, Thanks for your comments. On Fri, 02 Sep 2022 20:21:21 +0200, Paul Wouters wrote: > On Fri, 2 Sep 2022, Neal H. Walfield wrote: > > > Note: Sequoia currently uses Nettle on Fedora, but there is ongoing > > work to port it to OpenSSL: > > I think t

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

2022-12-21 Thread Neal H. Walfield
Hi Simo, On Fri, 14 Oct 2022 18:28:01 +0200, Simo Sorce wrote: > At this time, as far as I know, there is no OpenPGP work of any kind on > supporting PQC algorithms. Furthermore the way we use signatures in RPM > really has no resemblance to the scenarios OpenPGP was built for. > > So we should

Re: F38 proposal: RPM Sequoia (System-Wide Change proposal)

2022-11-04 Thread Neal H. Walfield
Hi Simo, On Fri, 14 Oct 2022 22:36:09 +0200, Neal H. Walfield wrote: > On Fri, 14 Oct 2022 18:28:01 +0200, > Simo Sorce wrote: > > At this time, as far as I know, there is no OpenPGP work of any kind on > > supporting PQC algorithms. > > The German BSI contracted MTG AG

crypto-policies

2023-03-25 Thread Neal H. Walfield
Hi Ben, Thanks for working on this. On Fri, 24 Mar 2023 19:25:46 +0100, Ben Cotton wrote: > Accepted blockers > - > > 1. crypto-policies ― Insecure installed RPMs (like Google Chrome) > prevent system updates in F38, can't be removed ― ASSIGNED > ACTION: Maintainers to propose

RPM Sequoia: A Sequoia-based backend for the RPM Package Manager

2023-04-27 Thread Neal H. Walfield
Hi all, A year and a half ago, I began working with Panu on using Sequoia as RPM's OpenPGP parser. I wrote up our journey from the initial analysis, to adding the code to RPM, and to getting it into Fedora 38 (yay!) in a blog post. I'm mentioning it here, as I believe it is of general interest

Re: RPM Sequoia: A Sequoia-based backend for the RPM Package Manager

2023-04-28 Thread Neal H. Walfield
Hi Bob, On Thu, 27 Apr 2023 19:55:42 +0200, Robert Relyea wrote: > A good read indeed. Thanks, I'm happy you enjoyed it :). > I do wonder about the error message: > > because: SHA1 is not considered secure since 1970-01-01T00:00:00Z > > I'm not sure where the date came from, but SHA1 wasn't

Re: crypto-policies

2023-03-27 Thread Neal H. Walfield
On Mon, 27 Mar 2023 13:16:45 +0200, Zbigniew Jędrzejewski-Szmek wrote: > I agree. The scope of the issue is fairly narrow, and the underlying > issue is an invalid signature made by the anydesk maintainers. > We also have a simple command that users can use to work around > the issue. If you are

Re: crypto-policies

2023-03-27 Thread Neal H. Walfield
Hi Zbyszek, Thanks for the clarifications. Neal On Mon, 27 Mar 2023 14:32:58 +0200, Zbigniew Jędrzejewski-Szmek wrote: > On Mon, Mar 27, 2023 at 01:29:38PM +0200, Neal H. Walfield wrote: > > On Mon, 27 Mar 2023 13:16:45 +0200, > > Zbigniew Jędrzejewski-Szmek wrote: > >

Re: LibreOffice packages

2023-06-07 Thread Neal H. Walfield
On Tue, 06 Jun 2023 18:07:04 +0200, Fabio Valentini wrote: > On the other hand, the libreoffice flatpak bundles ~80 projects: > - gpgme (huh?) This... > - openldap (huh?) and perhaps this are probably because it is possible to sign and encrypt ODF documents using OpenPGP. Some details are

Re: Fedora Copr builders updated to Fedora 38

2023-06-13 Thread Neal H. Walfield
On Thu, 08 Jun 2023 21:37:09 +0200, Ondřej Budai wrote: > RPM Sequoia's crypto policies can be configured, so you should be able to > re-enable SHA-1. However, this would > be a global change, not only for EL6... See >

Re: Fedora Copr builders updated to Fedora 38

2023-06-14 Thread Neal H. Walfield
Hi Pavel, On Wed, 14 Jun 2023 11:27:35 +0200, Pavel Raiskup wrote: > On úterý 13. června 2023 16:57:42 CEST Neal H. Walfield wrote: > > On Thu, 08 Jun 2023 21:37:09 +0200, > > Ondřej Budai wrote: > > > RPM Sequoia's crypto policies can be configured, so you should be able

Re: Sequoia PGP : What are the options for expired third party GPG signing keys?

2024-01-25 Thread Neal H. Walfield
Antoine Zellmeyer via devel writes: > Sorry for the late answer, It seems to be working :) I was able to import and > install packages signed with this certificate. Thanks for confirming that it works as expected. I've made a new release of rpm-sequoia, which includes this fix. I expect that

Re: Sequoia PGP : What are the options for expired third party GPG signing keys?

2024-01-22 Thread Neal H. Walfield
Hi Antoine Antoine Zellmeyer via devel writes: > Thanks ! I'll follow this issue. Great. I posted a fix. It would be helpful if you could test that it works for your case. Specifically, it would be helpful to hear back that it: - imports the certificate, and - you are able to install

Re: Sequoia PGP : What are the options for expired third party GPG signing keys?

2024-01-22 Thread Neal H. Walfield
Hi Antoine, Antoine Zellmeyer via devel writes: > Following Fedora’s migration to Sequoia PGP, it seems that it isn’t possible > to import an expired signing key anymore. > > rpm --import https://some.domain/public-keys/SOME_EXPIRED_RPM_KEY.public > error: Certificate : > The certificate is