Announcement

Collapse
No announcement yet.

Fedora 38 Looks To Shift RPM To Sequoia, A Rust-Based OpenPGP Parser

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fedora 38 Looks To Shift RPM To Sequoia, A Rust-Based OpenPGP Parser

    Phoronix: Fedora 38 Looks To Shift RPM To Sequoia, A Rust-Based OpenPGP Parser

    For the past two decades the RPM package manager software has relied upon its own OpenPGP parser implementation for dealing with package keys and signatures. With Fedora 38 they plan to have their RPM package shifted to use the Rust-written "Sequoia" parser instead...

    https://www.phoronix.com/news/Fedora...M-Sequoia-Rust

  • #2
    Sequoia is great, but only its API is actually written in Rust; it uses nettle for its cryptographic backend. (Eventually it will support openssl as a backend, but that isn't Rust either.)

    Comment


    • #3
      Originally posted by jstoik View Post
      Sequoia is great, but only its API is actually written in Rust; it uses nettle for its cryptographic backend. (Eventually it will support openssl as a backend, but that isn't Rust either.)
      well cryptographic guarantees for safety are requiring safety on such levels as power measements attacks, timing attacks etc. Rust when provides safety in some areas it cannot compete with extreme amount of audits projects like openssl has in manners of security.

      Comment


      • #4
        Rust's entire security cargo cult relies on refcounts.

        Comment


        • #5
          Originally posted by rmoog View Post
          Rust's entire security cargo cult relies on refcounts.
          This is incorrect. Rust is not a garbage collected language. Memory is freed deterministically because of language features that enforce ownership.

          Comment


          • #6
            Originally posted by RahulSundaram View Post

            This is incorrect. Rust is not a garbage collected language. Memory is freed deterministically because of language features that enforce ownership.
            Do you know those features or is this what your friend who sold you on Rust told you to believe in?

            Comment


            • #7
              Originally posted by rmoog View Post

              Do you know those features or is this what your friend who sold you on Rust told you to believe in?
              I know that is true because I write Rust a lot and it indeed doesn't have a garbage collector.
              It enforces safety using lifetime checker and borrow rules.

              Comment


              • #8
                Originally posted by rmoog View Post

                Do you know those features or is this what your friend who sold you on Rust told you to believe in?
                Yes, everyone including me who has programmed in Rust is very well aware of these features since they are front and center to the language and is very well documented.

                Comment


                • #9
                  Originally posted by rmoog View Post

                  Do you know those features or is this what your friend who sold you on Rust told you to believe in?
                  No, that's what the actually knows because unlike you, he understands Rust.

                  Comment


                  • #10
                    Originally posted by RahulSundaram View Post

                    This is incorrect. Rust is not a garbage collected language. Memory is freed deterministically because of language features that enforce ownership.
                    The emphasis was on "cargo cult". It just means the "refs" are counted within the compiler.

                    These are features that are there in C++ and a couple of other languages since decades. I am quite amused about the rustafaris. They really think they invented it.

                    Comment

                    Working...
                    X