Making gpgme dependency optional


We would be interested to hear if there are any change plans regarding gpgme dependency? At the moment gpgme pulls in GPLv3 software and also causes some performance issues when used with bigger distribution builds.

To approach these challenges, I've been thinking about adding alternative, build time configure option to support PKCS#7 signatures and X.509 keys. This could be implemented using GnuTLS library which has support for both PKCS#7 and of course X.509 keys/PKCS#12 (certificates).

GnuTLS has also some amount of support for OpenPGP keys in addition to PKCS#11 and TPM keys. So this could allow also some expansion towards other key types, which I need to study more.

Based on reading of the ostree sources, this doesn't seem like too intrusive or big change and could be introduced as optional feature through configure option. After thinking about various alternatives, this seemed like clean way to address those two concerns.

Before starting to work on the code, I would like to hear your opinion and feedback on these thoughts and whether such could be acceptable for inclusion in ostree?

Best regards,

        - Jussi Laako

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]