[Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)

Justus Winter notifications at github.com
Fri Jan 21 16:35:56 UTC 2022


@teythoon commented on this pull request.



> @@ -503,6 +500,9 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
 	case PGPSUBTYPE_REVOKE_REASON:
 	case PGPSUBTYPE_FEATURES:
 	case PGPSUBTYPE_EMBEDDED_SIG:
+	    pgpPrtHex("", p+1, plen-1);
+	    break;
+	case PGPSUBTYPE_NOTATION:

The RPM developers made it abundantly clear that PGP certificate canonicalization is not needed for RPM.  They also explained to me how OpenPGP works, and how the IETF working group works, and that me spending hours every week working on the revision of the spec is nothing new relative to what Werner did.  All of that made it a lot less exciting to work on RPM.

Also, when I started looking into RPM's implementation, I thought it would be salvageable.  I'm no longer convinced.

Then, I started refactoring RPM with the idea of making the PGP implementation plugable.  That turned out to be very messy and immediately break RPM's public interfaces, therefore it cannot be an incremental improvement.  Not fun.  Lingers in my branch waiting to be picked up again.  May happen someday.

Sorry for dumping.  I'm not going to fix RPM's PGP implementation.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1813#discussion_r789814761
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/pull/1813/review/859781645 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220121/c9877d71/attachment.html>


More information about the Rpm-maint mailing list