[Rpm-maint] [rpm-software-management/rpm] Add new signature headers for Post Quantum Signatures (Issue #3363)
Panu Matilainen
notifications at github.com
Wed Oct 16 13:37:17 UTC 2024
I don't know if those labels are *needed*, it just seemed like a potentially useful thing to have without reaching into OpenPGP details - i.e. something that's fully an rpm level thing. Based on the feedback, it seems like a solution looking for a problem :sweat_smile: If we toss the label out it only makes things simpler of course.
For the simplest possible semantics, I suppose --addsign would just keep piling on signatures in the new tag, and --delete just deletes all of them. Compatibility could indeed be handled by copying one to a legacy tag. For that there are basically two choices: either only do the copy on the first, or replace it on each newly added signature. Of those, I think only the former makes sense, as it allows you to place some "classic" signature there first for interoperability and then you can pile whatever fancy you need on top.
Technically it wouldn't be hard for rpm to just pull in all the signatures it finds for verification regardless of the source tag, but if the new openpgp-tag is defined to have them all, then that just simplifies things.
I think that's actually along the lines of what I envisioned back then, but at that time there was the additional complication of rpm v3 signatures which made the legacy compat semantics weirder (and I never fully thought it through before the steam ran out). The rpm v3 signatures are gone now so it seems actually pretty simple now.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3363#issuecomment-2416865622
Message ID: <rpm-software-management/rpm/issues/3363/2416865622 at github.com>
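The two legacy-copy choices weighed in the message above, as a toy model added here for illustration (not code from the post or from rpm). The tag names, algorithm labels and function names are hypothetical, and the sample signatures are constructed.

```python
# Toy model of the semantics discussed in the message; not rpm code.
# Tag names and algorithm labels are hypothetical placeholders.
NEW_TAG = "OPENPGP_SIGS"   # hypothetical multi-valued tag holding every signature
LEGACY_TAG = "LEGACY_SIG"  # hypothetical single-valued tag that old readers use


def addsign(header, sig, policy="first"):
    """Append sig to the new tag and mirror it to the legacy tag per policy.

    policy="first":   copy only when the legacy tag is still empty
    policy="replace": overwrite the legacy tag on every added signature
    """
    header.setdefault(NEW_TAG, []).append(sig)
    if policy == "replace" or LEGACY_TAG not in header:
        header[LEGACY_TAG] = sig
    return header


def delete_all(header):
    """Delete every signature, including the legacy copy."""
    header.pop(NEW_TAG, None)
    header.pop(LEGACY_TAG, None)
    return header


def new_reader_sigs(header):
    """A new reader needs only the new tag, since it holds all signatures."""
    return list(header.get(NEW_TAG, []))


def legacy_reader_can_verify(header, known_algos=("rsa", "eddsa")):
    """An old reader sees only the legacy tag and knows only classic algorithms."""
    sig = header.get(LEGACY_TAG)
    return sig is not None and sig["algo"] in known_algos


def sign_sequence(policy):
    """Constructed sample: a classic signature first, then a post-quantum one."""
    header = {}
    addsign(header, {"algo": "rsa", "key": "classic-key"}, policy)
    addsign(header, {"algo": "ml-dsa", "key": "pq-key"}, policy)
    return header


if __name__ == "__main__":
    for policy in ("first", "replace"):
        h = sign_sequence(policy)
        print(policy, len(new_reader_sigs(h)), legacy_reader_can_verify(h))
```

Under "first" the old reader still finds a signature it can verify after the second signing; under "replace" it is left with one it cannot process.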