Hello,

r151008 now includes signed packages, but the default signature-policy is 
verify, so it's still vulnerable to MITM if the attacker simply removes the 
signatures from the manifests.

I can run

   pkg set-publisher --set-property signature-policy=require-signatures omnios

immediately after install from the iso to make sure any updates in the global 
zone are properly checked.

However, when I install a zone, the zone's signature-policy is the default of 
verify. pkg downloads files from the IPS server, so anything in the zone's 
image is vulnerable.

Is it possible to specify signature-policy=require-signatures for new zones in 
the initial configuration?

Thanks,

Ben



_______________________________________________
OmniOS-discuss mailing list
OmniOS-discuss@lists.omniti.com
http://lists.omniti.com/mailman/listinfo/omnios-discuss
