forgejo-federation/services/packages
Gusted 45341ee9ce
[CHORE] Use github.com/ProtonMail/go-crypto
- We were previously using `github.com/keybase/go-crypto`, because the
package for openpgp by Go itself is deprecated and no longer
maintained. This library provided a maintained version of the openpgp
package. However, it hasn't seen any activity for the last five years,
 and I would therefore consider this also unmaintained.
- This patch switches the package to `github.com/ProtonMail/go-crypto`
which provides a maintained version of the openpgp package and was
already being used in the tests.
- Adds unit tests, I've carefully checked the callstacks to ensure the
OpenPGP-related code was covered under either a unit test or integration
tests to avoid regression, as this can easily turn into security
vulnerabilities if a regression happens here.
- Small behavior update, revocations are now checked correctly instead
of checking if they merely exist and the expiry time of a subkey is used
if one is provided (this is just cosmetic and doesn't impact security).
- One more dependency eliminated :D
2024-07-15 17:27:37 +02:00
..
alpine Propagate install_if and provider_priority to APKINDEX (#28899) 2024-02-05 05:52:56 +00:00
cargo [BUG] Reflect Cargo index state in settings 2024-03-20 09:17:49 +01:00
cleanup remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
container remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
debian [CHORE] Use github.com/ProtonMail/go-crypto 2024-07-15 17:27:37 +02:00
rpm [CHORE] Use github.com/ProtonMail/go-crypto 2024-07-15 17:27:37 +02:00
auth.go Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
packages.go packages: skip error logging on duplicate 2024-03-24 07:12:31 +01:00