
On Sun, Jul 19, 2020 at 06:20:06PM +0000, WillyPillow wrote:
> For the time being, the -primary and -community keys are placed in the
> package. Swapping them out for dedicated keys in the future should be fairly
> easy if needed.

Sure.

> On another note, I'm wondering which fields are needed in the output of the
> "info" operation. Comparing my WIP code to DNF, I currently do not have the
> architecture [2], URL, licence, and description fields. This is due to
> `qubes.TemplateSearch` not currently returning those fields.
>
> For the packages in the official repos, those fields do not contain much
> information (in particular, the description field contains the same
> information as the summary), though I'm not sure if they might be useful in
> the future or for unofficial templates.

I don't know, could you design that so that those can be added in the future
if need be? Those need to be understood and properly validated, because some
software might act upon that information. For example: Debian provides
a directory with licence texts, which allows for
/usr/share/common-licenses/$license, which smells of path traversal.
Fedora's RPM guidelines are even worse, they support operators like "()",
"and", "or":
https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/

> [2]: Probably not needed unless Qubes becomes available on other
> architectures.

That's a possibility, Xen supports ARM and I think we'll see more
desktops/laptops on ARM in the future. But we currently don't have such plans
even on a roadmap.


> One tricky thing is that the description may contain newlines, while `dnf
> repoquery` does not escape them at all [3]. This may mean that another method
> of querying the repo needs to be considered if the description is included.
> (Or use unconventional characters/strings as separators. In particular, I
> can't pass NULL characters in the arguments to DNF for obvious reasons.)

Yes, another qrexec call is OK, provided this won't be too slow, i.e., to
display a list of 15 templates available you won't refresh the repo cache
15 times...

> [3]: Speaking of which, I'm also unsure what would happen if newlines appear
> in, say, the summary field. Maybe I can conduct some experiments about this...

Certainly.


-- 
pozdrawiam / best regards
Wojtek Porczyk
Invisible Things Lab
 
 I do not fear computers,
 I fear lack of them.
    -- Isaac Asimov
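
The validation concern raised in this message, as an added example that is not part of the thread and not Qubes code: untrusted template metadata is checked field by field before anything acts on it. The field names, length limits and allowed character sets are assumptions; licence expressions with operators are rejected here rather than parsed.

```python
import posixpath
import re

# Assumptions for this sketch: field names, length limits and character sets.
LICENSE_DIR = "/usr/share/common-licenses"  # directory named in the message
# A single licence identifier: no "/", whitespace, parentheses or leading dot.
LICENSE_ID = re.compile(r"[A-Za-z0-9][A-Za-z0-9.+-]{0,63}")
# Single-line fields: printable ASCII only, so no newline can split a record.
SINGLE_LINE = re.compile(r"[\x20-\x7e]{0,256}")

class InvalidField(ValueError):
    """Raised when an untrusted metadata field fails validation."""

def check_single_line(name, value):
    if not SINGLE_LINE.fullmatch(value):
        raise InvalidField(f"{name}: control character, non-ASCII or too long")
    return value

def check_description(value, max_len=4096):
    # Descriptions may span lines: allow "\n" but no other control characters.
    if len(value) > max_len:
        raise InvalidField("description: too long")
    if any(ch != "\n" and not " " <= ch <= "~" for ch in value):
        raise InvalidField("description: control or non-ASCII character")
    return value

def license_path(value):
    # Licence expressions with "()", "and", "or" are rejected, not parsed.
    if not LICENSE_ID.fullmatch(value):
        raise InvalidField("license: not a single plain identifier")
    path = posixpath.normpath(posixpath.join(LICENSE_DIR, value))
    # Second check: the result must sit directly inside LICENSE_DIR.
    if posixpath.dirname(path) != LICENSE_DIR:
        raise InvalidField("license: path leaves the licence directory")
    return path

def validate_record(record):
    # Unknown keys are an error, so a new field needs an explicit validator.
    out = {}
    for key, value in record.items():
        if key in ("name", "summary"):
            out[key] = check_single_line(key, value)
        elif key == "description":
            out[key] = check_description(value)
        elif key == "license":
            out[key] = license_path(value)
        else:
            raise InvalidField(f"{key}: unknown field")
    return out
```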
