Project

Profile

Help

Actions
Send by e-mail Copy link

Story #8523

closed

When syncing content from a remote, GPG signatures are checked

Added by cottsay about 3 years ago. Updated almost 3 years ago.

Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

As it stands, the remote repository sync process makes no effort to verify the GPG signature of packages or metadata in the remote repository.

RPM repositories can sign the repository metadata, the individual packages, or both.

Related issues

Is duplicate of RPM Support - Story #7820: As a user, Pulp is able to verify package signatures, and reject unsigned or invalidly-signed packagesCLOSED - DUPLICATE

Actions
Actions
Copy link
 #1

Updated by daviddavis about 3 years ago

  • Project changed from Pulp to RPM Support
Actions
Copy link
 #2

Updated by dalley almost 3 years ago

  • Is duplicate of Story #7820: As a user, Pulp is able to verify package signatures, and reject unsigned or invalidly-signed packages added
Actions
Copy link
 #3

Updated by dalley almost 3 years ago

  • Status changed from NEW to CLOSED - DUPLICATE
Actions
Send by e-mail Copy link

Also available in: Atom PDF