On 12/22/21 17:33, Michael Ströder wrote:
Is it possible to make ansible-galaxy invoke 'git verify-tag' with a
locally configured GPG public key on tags specified as version: in
requirements.yml?
Hmm, seems there is no such thing yet:
https://github.com/ansible/proposals/issues/36
How does ansible users here deal with ansible collections/roles pulled
from remote resources? Just trust that nobody tampered with the software
repos?
As a work-around it would be possible for git-based resources to use
git clone ...
git verify-tag ...
and then let ansible-galaxy load collections/roles from the locally
pulled git repo.
Opinions?
Ciao, Michael.
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/ce9a45f0-458e-32aa-5b5b-c03e3de68c6d%40stroeder.com.
