I think that in the context of reproducibility and secure supply chain SW delivery,
lockfiles as a concept make sense, and from my layman's perspective it looks
plausible; however, I don't feel competent enough to review this format in depth.
What I as a stakeholder am interested in knowing is the following:
- whether the RPM/DNF community would officially endorse this format
and adopt it natively in some way
- whether (speaking of potential native adoption here) there's actually **any**
intersection where the format would be useful to, let's say, DNF itself
- whether anyone from the RPM/DNF community sees potential problems/pitfalls
and would object to the format as proposed before this finds its way as the de
facto standard to secure supply chain SW delivery pipelines where RPMs are
involved
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/2908#discussioncomment-8463657
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint