On Mon, Jan 5, 2026 at 5:14 PM Michael J Gruber <[email protected]> wrote: > > Clemens Lang venit, vidit, dixit 2026-01-05 21:46:21: > > Hi, > > > > > On 2. Jan 2026, at 18:24, Gary Buhrmaster <[email protected]> > > > wrote: > > > > > > I have not followed the other major distros > > > (including, perhaps importantly, a major > > > Enterprise Linux's planning processes for > > > ELnext). Do we have any indications as to > > > what they are doing or planning? > > > > RHEL uses Sequoia-PGP for RPM and is working to add sequoia support to > > other clients (podman, buildah, skopeo, eventually ostree, flatpak). Some > > of those have already landed upstream. > > > > Availability of PQC signatures is a major driving factor for this, but not > > the only one. As of RHEL 10, libgcrypt (the implementation of cryptographic > > primitives underpinning GnuPG) is no longer considered a core cryptography > > library of RHEL. > > > > RHEL 10 already contains RPM signing keys that cannot be understood by > > GnuPG. > > Why oh why? > > I mean, I'm all for replacing gnupg by something better. But why is RH > deliberately chosing key types which force sequoia adoption? > > I'm sorry to say, but that's another display of the attitude around the > sequoia project which keeps at least some people from embracing it. >
They chose PQC algorithms because... they want PQC signatures. As far as I'm aware, GnuPG doesn't *have* support for PQC algorithms. And we've been using Sequoia for RPM signature validation since Fedora Linux 38. From *our* perspective, there's nothing wrong with using those new algorithms. -- 真実はいつも一つ!/ Always, there's only one truth! -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
