We've had a bit of a team tradition to do April Fools' jokes, but this
year I said, I think it's enough of a joke that we're actually releasing
RPM 6.0.
It's been a long time coming.
The RPM v4 format turns 25 this year. In this world of quarter economics
churn, a quarter of a century is quite something. I think we can
conclude the format has proven flexible and has served us rather well.
It's also safe to say that a new format is long overdue by now. What was
considered state-of-the-art security in 2000 is either long obsolete
and/or considered insecure practices, and that's really the main story
behind RPM 6.0 and the new v6 format:
- RPM defaults to enforcing signature checking (#1573)
- RPM uses the full key ID or fingerprint to identify OpenPGP keys
  everywhere (#2403)
- Support for multiple OpenPGP signatures per package (#3385)
- Support for updating previously imported keys (#2577)
- Support for both RPM v4 and v6 packages
- Support for installing RPM v3 packages has been removed (#1107)
- By default, RPM no longer verifies obsolete crypto (MD5, SHA1, DSA)
- Man page overhaul (work in progress as of 6.0 alpha)
- Pristine and verifiable release tarballs (#3565) (#2702)
Further details and download information on the release notes page:
https://rpm.org/releases/6.0.0
As usual, Fedora rawhide will be braving through the pre-releases so
look there for an easy, early hands-on experience.
We don't really expect a widespread adoption of the v6 format during
this year. The important part is that people in charge of rpm-related
infrastructure can now easily get their hands on v6 packages and can
start adapting their systems to work with the new format. Note that the
alpha still builds v4 packages by default, so don't be lulled into
thinking there's no work to be done.
For more background on the subject, check out my writeups on the rpm
format evolution, discussion about the v6 format details (there's still
some room for minor adjustment) and the road to 6.0:
https://github.com/rpm-software-management/rpm/discussions/3349
https://github.com/rpm-software-management/rpm/discussions/2919
https://github.com/rpm-software-management/rpm/discussions/3602
On behalf of the rpm-team,
- Panu -