RPM uses OpenPGP to protect software updates. In the fall of 2022, it switched from using its own internal OpenPGP implementation to Sequoia. Last week, Fedora 38 was released with a version of RPM that uses Sequoia. I've written about the 1.5 year journey in a blog post.
@nwalfield that’s good news.
Mostly unrelated, but I’d like to see RPM move toward external signatures and binary reproducibility.
But, removing homegrown code that isn’t the main functionality of the package manager is awesome!
Add comment