[ https://ovirt-jira.atlassian.net/browse/OVIRT-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=39713#comment-39713 ] Marc Dequènes (Duck) commented on OVIRT-2140: --------------------------------------------- [~accountid:557058:caa507e4-2696-4f45-8da5-d2585a4bb794] signed packages on HTTP are not safe because old releases are also valid thus it’s possible to do replay attacks by providing older and security buggy packages. it’s better but not sufficient.
enforce SSL on resources.ovirt.org ----------------------------------
Key: OVIRT-2140 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2140 Project: oVirt - virtualization made easy Issue Type: Improvement Reporter: Evgheni Dereveanchin Assignee: infra
SSL was enabled on Resources with OVIRT-1472, this ticket is to transform the non-SSL virtual hosts into redirects to the SSL version
-- This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100108)