Neal Gompa <ngomp...@gmail.com> writes: > What about DNF? The DNF package manager also uses gpgme right now, and > one of the larger problems we have right now is that we have no > unified keyring between DNF and RPM, because RPM doesn't have an API > to manipulate it. If we were to adopt Sequoia as an optional > alternative, then ideally DNF should *also* get the ability to use it, > mostly because I'm fairly certain that the keyring storage across PGP > implementations are incompatible. Alternatively, adding APIs to RPM so > that DNF can consume them through the RPM interface would work too > (and I'd probably prefer that, honestly).
Interesting. I hadn't considered DNF. Re-using the same OpenPGP implementation seems reasonable, what kind of interface would be required? (Having said that, a keyring is a concatenation of OpenPGP certificates, and I don't expect problems with the storage aspect. However, different implementations may canonicalize the certificates differently, and/or perform signature verification slightly differently.) > I'm personally not a fan of the anti-ergonomic stance of Rust and > several members of the Rust core community seriously aggravate me > given their dislike/hatred of Linux distro folks, but I can't deny > that we're in a wave of "oxidize all the things" right now, and > Sequoia is one of the best PGP implementations out there. Yeah, I can relate to that. But, I think that this will get better over time. Thanks, Justus
signature.asc
Description: PGP signature
_______________________________________________ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint