Panu Matilainen wrote:
> On my F33 laptop, there are 331284 rpm-installed files. The IMA
> signature as proposed is apparently 162 bytes per file in the
> hex-encoded format, this makes for approximately 51 megabytes of data.
> My rpmdb is about 115 megabytes. That'd be an almost 45% increase in size!
> And this would be on EVERYBODY's database whether you use the feature or
> not, also slowing down every single rpm query somewhat as a whole lot
> more data has to be pulled from disk, and there's no way to get rid of
> the weight once it's there. The height of the insult is that the data is
> essentially useless in the rpmdb, it's only relevant during
> installation, for the (presumably few) people who actually enable the
> feature. And of course that extra weight in every single package is
> carried around in mirrors and each and every package download too, again
> whether you use the feature or not.
>
> What the IMA feature really needs is a redesign to avoid inflicting this
> cost on everybody whether you use the feature or not, but the
> low-hanging fruit is the encoding: the hex encoding is just about the
> most stupid format there is for such a purpose, when base64 encoded the
> same data is ~38% of the size of the hex encoding, which brings down the
> IMA data size in the above figures to ~19 megabytes and ~17% increase in
> rpmdb size, which is a lot of data still but a lot less anyhow.

IMHO, this overhead is entirely unacceptable. Even using base64 would still
be too expensive. This Change should just be permanently rejected (not just
for F34 as it already was).

I disagree that centrally signed individual files are a desirable feature at
all. It is already clear that the vast majority of users will have no use
for this feature and will not have it enabled. Hence, I do not see why we
should be paying for it with any kind of overhead. Not even if it were only
the overhead of infrastructure having to sign all those files and mirrors
having to carry an external database.

Kevin Kofler