In case you’re wondering what I’ve been up to lately, here’s a quick overview.
Aside from the weekly Conary releases and the regular bug fixes, I’ve been busy trying to make Conary no longer depend on gnupg. As dumb (to re-implement gnupg) as this sounds, it gives us several advantages, one of them being the ability to customize the trust model to our liking. The lack of a good way to tie into gnupg (other than invoking gpg) is another good reason.
Look for the new code in Conary 2.0.
I thought gnupg had good libraries? Or is that just for crypto?
gnupg has no libraries, it’s command line only. There is gpgme and there’s pyme which seems to be LGPL (although the original pyme was GPL). Either way, it’s SWIG on top of gpgme. Our implementation if pure python on top of pycrypto which we use for other things too.