Feature Request: GPG Signing for Checksum Files in Brasero

Applications
1

Hello GNOME devs,

I hope this post finds you well. I am writing to propose a new feature for GNOME Brasero that I believe would enhance its functionality and security. As someone that uses it burn files for backup to DVD’s as a second option next to HDD’s it would quite nice to have. I don’t think it would be hard to incorporate either to sign the .sha256 or checksum_type (.md5, .sha1, etc.) selected after its created before burning to disks.

Currently, Brasero creates checksum files (like .sha256) to verify the integrity of burned discs. However, it would be extremely useful if Brasero could also sign these checksum files using GPG. This would provide an additional layer of security, ensuring that the checksums themselves haven’t been tampered with.

Proposed Implementation:

  1. GPG Key Selection Dialog: A dialog that allows users to select their GPG key from the keyring.
  2. Signing Behavior Options: A configuration option to choose between always signing, asking every time, or never signing the checksum files.
  3. Creating a gpg-checksums Plugin: The plugin interacts with the other plugins for signing. The plugin should should only be avialble if File Checksums and Image Checksums plugins are enabled.

Example Configuration Schema:
(The default should either be ask or never)

#define BRASERO_SCHEMA_CONFIG		"org.gnome.brasero.config"
#define BRASERO_PROPS_CHECKSUM_FILES	"gpg-checksums"

Option in plug-in preferences:
Always sign checksums
Ask every time
Never sign

<?xml version="1.0" encoding="UTF-8"?>
<schemalist>
  <schema id="org.gnome.brasero.config" path="/org/gnome/brasero/config/">
    <key name="gpg-checksums" type="s">
      <default>'ask'</default>
      <summary>GPG Signing Behavior</summary>
      <description>
        Configures the behavior for GPG signing of checksum files.
        Possible values are 'always', 'ask', and 'never'.
      </description>
    </key>
  </schema>
</schemalist>

I believe this feature would be a valuable addition to Brasero, enhancing its utility for users who prioritize security and data integrity.
I hope you strongly consider this request.

2

Brasero is not actively being maintained by anyone at the moment. There has been handful of pending MRs, which are yet to reviewed and merged. So, the chances of someone implementing the GPG feature and getting the feature reviewed / committed and released is not very bright at the moment, though things could change.

3

This topic was automatically closed 45 days after the last reply. New replies are no longer allowed.