On Wed, Apr 22, 2020 at 3:46 AM Adrian Schröter <adrian@suse.de> wrote:
On Mittwoch, 22. April 2020, 09:40:01 CEST wrote Stasiek Michalski:
On Wed, Apr 22, 2020 at 09:27, Adrian Schröter <adrian@suse.de> wrote:
On Freitag, 17. April 2020, 18:52:56 CEST wrote cunix:
Therefore I would propose to wait with shipping a Jump-like approach officially to openSUSE Leap, until the tools are able to work with multiple keys/signatures.
AFAIK, it would be an incompatible change in rpm's binary format. So nothing what I hope for soon.
https://github.com/rpm-software-management/rpm/projects/4 it is being worked on upstream though, I wouldn't call it unfeasible ;) (I gotta suggest signify as a replacement for pgp since I really want that to happen though, thanks for a reminder)
Ah, cool. Then there is hope indeed :)
Do you know if rpm will handle the signatures with an "and" or "or" requirement? I mean, will it check if both signatures are valid or only one of them?
I think the idea is that the librpm API will give you that flexibility. Certainly Panu and Florian have been talking to the DNF team about directly using such new APIs with the package manager so that more fine-grained policies can be implemented. It's been a personal point of pain for Panu that most RPM package managers do RPM signature handling in a bad way, according to him. :) -- 真実はいつも一つ!/ Always, there's only one truth! -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org