Re-designing signing in Fedora
Quoting: Re-designing signing in Fedora
Over the past few months I’ve spent some time on-and-off working on Sigul and some related tools. In particular, I implemented most of a new Sigul client, primarily to enable the sigul-pesign-bridge to run on recent Fedora releases (since the sigul client relies on python-nss, which is not in Fedora anymore).
At this point, I have a reasonably good understanding of how Sigul works. Originally, my plan was to completely re-implement the client, then the bridge, and finally the server using the existing Sigul protocol, version 1.2, as defined by the Python implementation. However, as I got more familiar with the implementation, I felt that it would be better to use this opportunity to also change the protocol. In this post I’m going to cover the issues I have with the current protocol and how I’d like to address them.
Note: I assume you’ve read how artifacts are signed in Fedora in the post.