home  bbs  files  messages ]

      ZZLI4422             linux.debian.devel             1179 messages      

[ previous | next | reply ]

[ list messages | list forums ]

  Msg # 857 of 1179 on ZZLI4422, Monday 11-02-25, 1:56  
  From: SIMON JOSEFSSON  
  To: HOLGER LEVSEN  
  Subj: Re: Hard Rust requirements from May onwa  
 From: simon@josefsson.org 
  
 Holger Levsen  writes: 
  
 > On Sat, Nov 01, 2025 at 09:08:34PM +0100, Philipp Kern wrote: 
 >> I was actually looking into this recently, but Sigstore is also in flux 
 >> right now: 
 > 
 > my gut feeling is that sigsum is better suited for this than sigstore but 
 > maybe my guts are wrong here... 
  
 There is no reason (beyond complexity, which is a reasonable concern) to 
 not support both Sigstore and Sigsum, I think. 
  
 Even adding support for SSHSIG would be reasonable, to have an 
 alternative to mess that PGP has become. 
  
 I think supporting multiple ways to verify Release files may actually be 
 useful -- I think it will be many years (if ever) Rust is as reliable on 
 as many archs as C or even Perl/Python is today.  We want some way to 
 verify Release files on archs that haven't drunk the Rust cool-aid. 
  
 /Simon 
  
 --=-=-Content-Type: application/pgp-signature; name="signature.asc" 
  
 -----BEGIN PGP SIGNATURE----- 
  
 iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmkHIkkUHHNpbW9uQGpv 
 c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f 
 V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z 
 ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh 
 BLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XQkBQkNZGbwAAoJENc89jjFPAa+BtIA 
 /iR73CfBurG9y8pASh3cbGOMHpDZfMAtosu6jbpO69GHAP4p7l57d+iVty2VQMsx 
 +3TCSAvZkpr4P/FuTzZ8JZe8BrgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx 
 I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 
 +MTXPPY4xTwGvgUCZ9F0SgUJDWRmSQCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R 
 cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 
 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J 
 ENc89jjFPAa+wUUBAO64fbZek6FPlRK0DrlWsrjCXuLi6PUxyzCAY6lG2nhUAQC6 
 qobB9mkZlZ0qihy1x4JRtflqFcqqT9n7iUZkCDIiDbg4BFySz2oSCisGAQQBl1UB 
 BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA 
 JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XTSBQkNZGboAAoJENc89jjF 
 PAa+0M0BAPPRq73kLnHYNDMniVBOzUdi2XeF32idjEWWfjvyIJUOAP4wZ+ALxIeh 
 is3Uw2BzGZE6ttXQ2Q+DeCJO3TPpIqaXDAAKCRBRcisI/kdFosdXAPwOq3ntYUkI 
 LUf8bl6HM6jzoKNGgcS7V3J+DCjE1Tp8+QD+JfEykB4siLEp3haRaSX7WpATpr09 
 JSkZZC7w6JnTmwI=Ly/d 
 -----END PGP SIGNATURE----- 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2) 

[ list messages | list forums | previous | next | reply ]

search for:

328,116 visits
(c) 1994,  bbs@darkrealms.ca