Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.security > #6302

SOP migration (was Re: Reaction to potential PGP schism)

Cross-posted to 2 groups.

Show all headers | View raw

Hi!

Daniel thanks for all your work on the OpenPGP working group,
and on SOP! :)

On Wed, 2023-12-20 at 22:16:28 -0500, Daniel Kahn Gillmor wrote:
> # What Can Debian Do About This?
> 
> I've attempted to chart one possible path out of part of this situation
> by proposing a minimized, simplified interface to some common baseline
> OpenPGP semantics -- in particular, the "Stateless OpenPGP" interface,
> or "sop", as documented here:
> 
>    https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/

> If your part of Debian's infrastructure depends on GnuPG, consider
> making it depend on a sop implementation instead, so we don't end up
> stuck on a single OpenPGP implementation in the future.  If the sop
> semantics are insufficient for your purposes, please report your needs
> at https://gitlab.com/dkg/openpgp-stateless-cli !

I think this is the way to go, and to try to support that goal I
started a wiki page to track what might need to be switched:

https://gitlab.com/dkg/openpgp-stateless-cli/-/wikis/Stateless-OpenPGP-status

I listed there some potential issues I could come up with for such
migrations. Also at the time, something that felt like a soft blocker
was that the schism was not widely known, so having to give that full
context first for every contacted project seemed a bit awkward, which
now should be out of the way, and a reference to some of the published
articles should be enough.

Time and energy permitting, I'd like to start at least filing issues
for these projects, and ideally provide patches. Help with any of that
would be highly appreciated! Including how to best integrate SOP into
a distribution (I'll be updating one of the tickets for a potentially
better «alternatives» usage pattern).

Also if a project uses perl, and using the Dpkg::OpenPGP modules would
make sense there, please reach out so that we can see what might be
missing so that they can be stabilized to make them public interfaces.

Thanks,
Guillem

Back to linux.debian.security | Previous | Next — Previous in thread | Find similar

Thread

Reaction to potential PGP schism Stephan Verbücheln <verbuecheln@posteo.de> - 2023-12-14 11:40 +0100
  Re: Reaction to potential PGP schism Pierre-Elliott Bécue <peb@debian.org> - 2023-12-14 17:00 +0100
  Re: Reaction to potential PGP schism Joerg Jaspert <joerg@debian.org> - 2023-12-14 23:10 +0100
  Re: Reaction to potential PGP schism Daniel Kahn Gillmor <dkg@fifthhorseman.net> - 2023-12-21 04:30 +0100
    Re: Reaction to potential PGP schism Christoph Biedl <debian.axhn@manchmal.in-ulm.de> - 2023-12-21 09:30 +0100
      Re: Reaction to potential PGP schism Meso Security <MesoSecurity@protonmail.ch> - 2023-12-21 10:00 +0100
      Re: Reaction to potential PGP schism Stephan Verbücheln <verbuecheln@posteo.de> - 2023-12-21 14:00 +0100
    Re: Reaction to potential PGP schism Gioele Barabucci <gioele@svario.it> - 2023-12-21 11:20 +0100
      Re: Reaction to potential PGP schism Daniel Kahn Gillmor <dkg@fifthhorseman.net> - 2023-12-22 00:50 +0100
    Re: Reaction to potential PGP schism Enrico Zini <enrico@enricozini.org> - 2023-12-21 11:40 +0100
    Re: Reaction to potential PGP schism Cyril Brulebois <kibi@debian.org> - 2023-12-22 02:30 +0100
    SOP migration (was Re: Reaction to potential PGP schism) Guillem Jover <guillem@debian.org> - 2024-01-03 20:00 +0100

csiph-web