https://bugzilla.redhat.com/show_bug.cgi?id=2291065
Heiko Schaefer heiko.schaefer@posteo.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |heiko.schaefer@posteo.de
--- Comment #3 from Heiko Schaefer heiko.schaefer@posteo.de --- Hello Fabio, Larvitz,
I am a co-author of the crates in question.
@Fabio, good point that from a packaging perspective depending on pre-release versions is not ideal, thanks. All current releases of the applications use stable dependencies (and going forward I won't make application releases with stable version numbers and pre-release dependencies).
I see no reason why shipping both rPGP and Sequoia-PGP would be any different in principle to shipping both OpenSSL and GnuTLS. If you have additional pointers on why depending on rPGP is a problem for packaging, I'd appreciate your input.
As context for onlookers: rPGP is a pure Rust implementation of the OpenPGP standard. It has received independent security audits (see https://github.com/rpgp/rpgp/blob/main/docs/SECURITY_STATUS.md), is loosely affiliated with the Rust Crypto project, and has seen long-term real world use in https://delta.chat/ by a significant user base, including at-risk populations.
Thanks, Heiko