1

Fedora 38 Looks To Shift RPM To Sequoia, A Rust-Based OpenPGP Parser

 1 year ago
source link: https://www.phoronix.com/news/Fedora-38-RPM-Sequoia-Rust
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Fedora 38 Looks To Shift RPM To Sequoia, A Rust-Based OpenPGP Parser

Written by Michael Larabel in Fedora on 30 November 2022 at 08:30 AM EST. 8 Comments

For the past two decades the RPM package manager software has relied upon its own OpenPGP parser implementation for dealing with package keys and signatures. With Fedora 38 they plan to have their RPM package shifted to use the Rust-written "Sequoia" parser instead.

RPM's own OpenPGP parser implementation has been a maintenance burden and redundant when better supported parsers exist. Upstream RPM has been working to deprecate the internal parser in favor of moving to Sequoia PGP.

Sequoia PGP is an OpenPGP library and with written in Rust is focused on safety and correctness among its design principles.

image.php?id=2022&image=sequoia_pgp_med
Fedora developers are eager to move to that RPM with Sequoia PGP and hope to see it all ready for Fedora 38. Switching to this proper OpenPGP parser should lead to improved security and standards compliance. Eventually this will also lead to better error messages and other possible improvements.

This change for Fedora 38 is still being discussed via the devel mailing list. Those wishing to learn more about the RPM Sequoia feature for F38 next year can see this Wiki page for all the details.

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK