Actions
Story #8523
closedWhen syncing content from a remote, GPG signatures are checked
Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:
Description
As it stands, the remote repository sync process makes no effort to verify the GPG signature of packages or metadata in the remote repository.
RPM repositories can sign the repository metadata, the individual packages, or both.
Related issues
Updated by dalley about 3 years ago
- Is duplicate of Story #7820: As a user, Pulp is able to verify package signatures, and reject unsigned or invalidly-signed packages added
Updated by dalley about 3 years ago
- Status changed from NEW to CLOSED - DUPLICATE
Actions