As a user, I am assured that Pulp is downloading trusted manifests
The v2 manifest has support for cryptographic signatures. For this story, we need to learn how those signatures work and add support to the importer to verify the signatures of the downloaded manifests.
- Add support to the importer to validate the signatures
- Consider whether this validation should be optional
- Add support to pulp-admin
Updated by bmbouter almost 4 years ago
Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.