Re: RPM Sequoia: A Sequoia-based backend for the RPM Package Manager

Thu, 27 Apr 2023 10:56:10 -0700 

On 4/27/23 3:51 AM, Neal H. Walfield wrote:

Hi all,

A year and a half ago, I began working with Panu on using Sequoia as
RPM's OpenPGP parser.  I wrote up our journey from the initial
analysis, to adding the code to RPM, and to getting it into Fedora 38
(yay!) in a blog post.  I'm mentioning it here, as I believe it is of
general interest to this community.  If this is considered off topic,
I apologize in advance.

   https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/


Thanks Neal.

A good read indeed.

I do wonder about the error message:

||

|because: SHA1 is not considered secure since 1970-01-01T00:00:00Z|
I'm not sure where the date came from, but SHA1 wasn't published until 1993. 1970-01-01 looks like an epic of some kind. If you must include a 'not considered secure' date it should be something between 2010 and 2017 (2010 when peole started worrying about sha1, 2011 and 2013 when NIST said 'stop using it' and 2017 when Google (ironically - since they are the ones still signing packages with it) actually broke it). Probably best to drop the not considered secure if the received date is null|.| 

Bob||


_______________________________________________
devel mailing list --devel@lists.fedoraproject.org
To unsubscribe send an email todevel-le...@lists.fedoraproject.org
Fedora Code of 
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List 
Archives:https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report 
it:https://pagure.io/fedora-infrastructure/new_issue



_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to