[JIRA] (OVIRT-1472) Add SSL to resources.ovirt.org
Barak Korren (oVirt JIRA)
jira at ovirt-jira.atlassian.net
Fri Jun 23 09:22:11 UTC 2017
[ https://ovirt-jira.atlassian.net/browse/OVIRT-1472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=32803#comment-32803 ]
Barak Korren commented on OVIRT-1472:
-------------------------------------
Released RPMs are signed AFAIK, so there is nothing new to discuss about this, but there is a large amount of pre-release unsigned RPMs on resources as well and also other files which do not include built-in signing mechanisms.
> Add SSL to resources.ovirt.org
> ------------------------------
>
> Key: OVIRT-1472
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1472
> Project: oVirt - virtualization made easy
> Issue Type: Improvement
> Components: oVirt Infra
> Reporter: Barak Korren
> Assignee: infra
> Priority: High
>
> This was already requested in the past, not sure why we didn't follow up. We need to allow users to D/L packages without fear of MITM attacks.
> Package signing can help a little, but not everything is signed. (ISOs are not signed for example...)
--
This message was sent by Atlassian JIRA
(v1000.1085.0#100052)
More information about the Infra
mailing list