Making gpgme dependency optional
- From: Jussi Laako <jussi laako linux intel com>
- To: ostree-list gnome org
- Subject: Making gpgme dependency optional
- Date: Thu, 1 Jun 2017 16:29:07 +0300
Hi,
We would be interested to hear if there are any change plans regarding
gpgme dependency? At the moment gpgme pulls in GPLv3 software and also
causes some performance issues when used with bigger distribution builds.
To approach these challenges, I've been thinking about adding
alternative, build time configure option to support PKCS#7 signatures
and X.509 keys. This could be implemented using GnuTLS library which has
support for both PKCS#7 and of course X.509 keys/PKCS#12 (certificates).
GnuTLS has also some amount of support for OpenPGP keys in addition to
PKCS#11 and TPM keys. So this could allow also some expansion towards
other key types, which I need to study more.
Based on reading of the ostree sources, this doesn't seem like too
intrusive or big change and could be introduced as optional feature
through configure option. After thinking about various alternatives,
this seemed like clean way to address those two concerns.
Before starting to work on the code, I would like to hear your opinion
and feedback on these thoughts and whether such could be acceptable for
inclusion in ostree?
Best regards,
- Jussi Laako
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
