On 9/2/22 17:31, Neal H. Walfield wrote:
> Hi all,
>
> rpm 4.18 is on the horizon and includes a new OpenPGP backend based on
> Sequoia PGP.
>
> https://rpm.org/wiki/Releases/4.18.0
> https://sequoia-pgp.org/
>
> Thanks to Fabio Valentini (decathorpe) for packaging not only
> rpm-sequoia, but all of the Sequoia packages for Fedora.
>
> https://copr.fedorainfracloud.org/coprs/decathorpe/sequoia-test-builds/package/rust-rpm-sequoia/
>
> With this note, I'd firstly like to make the Fedora community more
> aware of this project. (I don't think it has been mentioned here
> yet.)
>
> Second, although the internal OpenPGP backend is still the default
> backend, it will be removed in rpm 4.19:
>
> https://github.com/rpm-software-management/rpm/issues/1935

While that was the initial goal, I suspect we may have to stretch this a
bit. I think we'll first need a release where the upstream default is
something else, and then in the next release we can actually look at
axing it.

> It is probably best to start the transition as soon as possible to
> work out any kinks.
>
> In that vein, I'd like to offer my help. Making this type of change
> needs to be done carefully. Perhaps there are questions or concerns.
> I'd like to hear them and respond to them. There is also technical
> work that needs to be done. I'm more of a developer than a packager,
> but if Fedora decides to use the Sequoia backend, I'd like to offer my
> help in any way I can.

Since rpm 4.18 gained the Sequoia support after all, we can and should
look into swapping over in Fedora 38. That'll help sort out any rough
edges and make it easier to eventually swap the default in upstream as
well. We probably need to do this with a change process as anything
rpm-related tends to be system/distro wide in a sense (see below).

Once the dust from 4.18 has settled (final is expected in a couple of
weeks) we can start digging into this, although nothing prevents
starting with other "paperwork" etc.

> Note: Sequoia currently uses Nettle on Fedora, but there is ongoing
> work to port Sequoia to OpenSSL:
>
> https://github.com/rpm-software-management/rpm/issues/2041#issuecomment-1219175000

This may well be a blocker on Fedora level, in part to keep container
etc. images small but also for distro crypto policies and FIPS (neither
of which Nettle supports AIUI).

- Panu -