Project

Profile

Help

Issue #2188

closed

Make GPG signature checking is called "filtering"

Added by semyers over 7 years ago. Updated almost 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Urgent
Assignee:
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
2.10.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation, Pulp 2
Sprint:
Sprint 7
Quarter:

Description

2.10 introduces a new feature which has been referred to as "GPG Signature Verification". The actual behavior of this feature is more along the lines of "GPG Signing Key ID Filtering"; actual gpg signatures are never verified. It needs to be made very clear in our documentation that the feature as it exists does not improve security of packages in pulp.

The changes related to this issue will most likely be grafted into the 2.10.0 release candidate, so they must consist of documentation changes only.


Related issues

Related to RPM Support - Story #1991: As a user, uploaded units which don't pass the signature check are not importedCLOSED - CURRENTRELEASEipanova@redhat.com

Actions

Also available in: Atom PDF