I recently sent to the kernel mailing lists a patch set to support
PGP keys and signatures.
Other than allowing the appraisal of RPM headers without
changes to the building infrastructure, it would also simplify
key management for the use cases requiring file or fsverity
signatures (no need for a secondary key).
This is the link of the patch set:
One point of the discussion was if there is the need to support
PGP in the kernel, or if a distribution should adapt its key
management to be compatible with key types currently available
in the kernel.
It would be great if you could comment on this patch set, from
the perspective of people managing a Linux distribution. Also,
any thought related to the patch set would be appreciated.
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Zhong Ronghua