[Rpm-maint] [rpm-software-management/rpm] RPM 6.0.0 released! (Discussion #3959)
Panu Matilainen
notifications at github.com
Mon Sep 22 12:44:34 UTC 2025
It's been a long time coming. I think many didn't believe it would come at all.
The RPM v4 format turns 25 this year. In this world of mad dash quarterly economics, a quarter of a century is an eternity, and I think we can conclude the format has proven flexible and all things considered, has served us rather well.
It's also safe to say that a new format is long overdue by now. What was considered state of the art security in 2000 is either long obsolete and/or considered insecure practises, and that's really the main story behind RPM 6.0 and the new v6 format:
* Support for multiple OpenPGP signatures per package (#3385)
* Support for OpenPGP v6 and PQC keys and signatures (#3363)
* Support for updating previously imported keys (#2577)
* Support for both RPM v4 and v6 packages
* Support for installing RPM v3 packages has been removed (#1107)
* RPM defaults to enforcing signature checking (#1573)
* RPM uses the full key ID or fingerprint to identify OpenPGP keys everywhere (#2403)
* Man page and other documentation overhaul (#3612, #3669, #3751)
* Pristine and verifiable release tarballs (#3565) (#2702)
That's what is truly new in 6.0, but that's just the icing on the cake. For the full picture one needs to look at the past ~20 years of development. We have been working towards this day since the rpm.org reboot around 2007, although that realization only really struck in the last few years. Think 64bit file size support, drop-in dependency generators, transaction plugins, rich dependencies, file triggers, debuginfo improvements, new database backends, Lua and expression macro integration, dynamic build-requires and spec generation, user/group support, declarative buildsystems and whatnot, gradually introduced since RPM 4.6.0. All that is what really makes up RPM 6.0, and is available on v6 out of the gate.
Over 300 people, representing a multitude of distributions, companies and other organizations have contributed code, and countless more have provided valuable input in the form of ideas and bug reports. Thank you all, RPM would not be where it is without your contributions!
This is also a nice way to celebrate the oncoming 30th birthday of RPM, measuring from commit history.
For download information and full release notes, including detailed compatibility information, are available at https://rpm.org/releases/6.0.0
The differences to 6.0-beta2 are avaible at https://rpm.org/releases/5.99.99
On behalf of the rpm-team,
- Panu -
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3959
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/repo-discussions/3959 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20250922/549e759c/attachment-0001.htm>
More information about the Rpm-maint
mailing list