[ https://ovirt-jira.atlassian.net/browse/OVIRT-1472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=32803#comment-32803 ] Barak Korren commented on OVIRT-1472: ------------------------------------- Released RPMs are signed AFAIK, so there is nothing new to discuss about this, but there is a large amount of pre-release unsigned RPMs on resources as well and also other files which do not include built-in signing mechanisms.

Add SSL to resources.ovirt.org ------------------------------

Key: OVIRT-1472 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1472 Project: oVirt - virtualization made easy Issue Type: Improvement Components: oVirt Infra Reporter: Barak Korren Assignee: infra Priority: High

This was already requested in the past, not sure why we didn't follow up. We need to allow users to D/L packages without fear of MITM attacks. Package signing can help a little, but not everything is signed. (ISOs are not signed for example...)

-- This message was sent by Atlassian JIRA (v1000.1085.0#100052)