[Rpm-maint] [rpm-software-management/rpm] RPM v6 package format, first public draft for commenting (Discussion #2374)

Panu Matilainen notifications at github.com
Mon Feb 12 10:43:38 UTC 2024


There hasn't been much direct activity here recently, but doesn't mean no work has been going on. I'm planning to produce an updated version of the draft in the coming weeks, but the main point is going to be:

The overriding priority for V6 is the obsolence of V4 crypto. We need a replacement format now, not in five or ten years time. And to make this happen *now*, V6 packages will need to be significantly compatible with existing rpm versions to allow existing infrastructure to handle them. This will mean backpedalling a bit on some things  - such as zeroing the lead which would achieve *absolutely nothing* except cause an unnecessary incompatibility. 

This isn't any big revelation actually, it's just going back to where it started after getting just a little bit carried away for a while: the package level fundamentals are already implemented in rpm >= 4.14, v6 is really more about defaults and dusting dark corners than anything else. 

The time for more forward-looking changes is after we have v6 out and deployed. Then we can start planning for v7 in the next 5-10 years scale. The 20+ years since v4 was much, much too long.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/2374#discussioncomment-8439989
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/repo-discussions/2374/comments/8439989 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240212/4d5da185/attachment.html>


More information about the Rpm-maint mailing list