On Mon, Oct 25, 2021 at 10:42 AM Justus Winter <jus...@sequoia-pgp.org> wrote:
>
> Neal Gompa <ngomp...@gmail.com> writes:
>
> > What about DNF? The DNF package manager also uses gpgme right now, and
> > one of the larger problems we have right now is that we have no
> > unified keyring between DNF and RPM, because RPM doesn't have an API
> > to manipulate it. If we were to adopt Sequoia as an optional
> > alternative, then ideally DNF should *also* get the ability to use it,
> > mostly because I'm fairly certain that the keyring storage across PGP
> > implementations are incompatible. Alternatively, adding APIs to RPM so
> > that DNF can consume them through the RPM interface would work too
> > (and I'd probably prefer that, honestly).
>
> Interesting.  I hadn't considered DNF.  Re-using the same OpenPGP
> implementation seems reasonable, what kind of interface would be
> required?
>
> (Having said that, a keyring is a concatenation of OpenPGP certificates,
> and I don't expect problems with the storage aspect.  However, different
> implementations may canonicalize the certificates differently, and/or
> perform signature verification slightly differently.)
>

DNF more-or-less uses it in the same way as RPM. The main extra thing
DNF (and really RPM too) should have is the ability to validate
expiration and revocation and block installation in those cases when
RPMs and RPM repodata are signed after those dates.

> > I'm personally not a fan of the anti-ergonomic stance of Rust and
> > several members of the Rust core community seriously aggravate me
> > given their dislike/hatred of Linux distro folks, but I can't deny
> > that we're in a wave of "oxidize all the things" right now, and
> > Sequoia is one of the best PGP implementations out there.
>
> Yeah, I can relate to that.  But, I think that this will get better over
> time.
>

I'm doubtful of that, but who knows?



--
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Reply via email to