[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Regarding ideas to replace gpgv with sqv

Thanks for following up.

On Tue, 02 Feb 2021 13:48:15 +0100,
Julian Andres Klode wrote:
> On Sun, Jan 31, 2021 at 02:01:02PM +0100, Neal H. Walfield wrote:
> > On Thu, 28 Jan 2021 11:15:18 +0100,
> > Julian Andres Klode wrote:
> I don't care about these ports as we don't need to provide security support
> for them, so well, so keeping frozen gpgv code paths around would work
> (heck, they'll still get updated anyway, but no need to rush out updates
> for stable releases in like 8 years or so when the existing stable
> releases have all EOLed).


> > If apt were to use SOP, you'd only have to maintain a single code
> > path, but different distributions and different architectures could
> > still use their preferred OpenPGP backend.
> Different backends have different bugs, so we do want to use the same
> backends across major distros to ensure that we all see the same bugs.

I agree with this concern.

It sounds like you are suggesting that adding Sequoia directly to apt
would be the best way forward given the trade offs.  But, you didn't
say that explicitly.  Did I understand correctly?

If so, we should probably start by replicating the existing
functionality using Sequoia.  I'd use a Rust shim rather than the ffi.
Do you agree with this?

:) Neal

Reply to: