Fedora 38 Looks To Shift RPM To Sequoia, A Rust-Based OpenPGP Parser

Written by Michael Larabel in Fedora on 30 November 2022 at 08:30 AM EST.
For the past two decades the RPM package manager software has relied upon its own OpenPGP parser implementation for dealing with package keys and signatures. With Fedora 38 they plan to have their RPM package shifted to use the Rust-written "Sequoia" parser instead.

RPM's own OpenPGP parser implementation has been a maintenance burden and is redundant when better-supported parsers exist. Upstream RPM has been working to deprecate the internal parser in favor of moving to Sequoia PGP.

Sequoia PGP is an OpenPGP library written in Rust, with safety and correctness among its design principles.


Fedora developers are eager to move to RPM with Sequoia PGP and hope to see it all ready for Fedora 38. Switching to this proper OpenPGP parser should lead to improved security and standards compliance. Eventually this will also lead to better error messages and other possible improvements.

This change for Fedora 38 is still being discussed via the devel mailing list. Those wishing to learn more about the RPM Sequoia feature for F38 next year can see this Wiki page for all the details.