Neal Gompa <ngomp...@gmail.com> writes:

> What about DNF? The DNF package manager also uses gpgme right now, and
> one of the larger problems we have right now is that we have no
> unified keyring between DNF and RPM, because RPM doesn't have an API
> to manipulate it. If we were to adopt Sequoia as an optional
> alternative, then ideally DNF should *also* get the ability to use it,
> mostly because I'm fairly certain that the keyring storage across PGP
> implementations are incompatible. Alternatively, adding APIs to RPM so
> that DNF can consume them through the RPM interface would work too
> (and I'd probably prefer that, honestly).

Interesting.  I hadn't considered DNF.  Re-using the same OpenPGP
implementation seems reasonable, what kind of interface would be
required?

(Having said that, a keyring is a concatenation of OpenPGP certificates,
and I don't expect problems with the storage aspect.  However, different
implementations may canonicalize the certificates differently, and/or
perform signature verification slightly differently.)

> I'm personally not a fan of the anti-ergonomic stance of Rust and
> several members of the Rust core community seriously aggravate me
> given their dislike/hatred of Linux distro folks, but I can't deny
> that we're in a wave of "oxidize all the things" right now, and
> Sequoia is one of the best PGP implementations out there.

Yeah, I can relate to that.  But, I think that this will get better over
time.

Thanks,
Justus

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Reply via email to