Issue #20729 has been reported by Pedro Côrte-Real.

----------------------------------------
Feature #20729: Have a way to sign the catalog offline so the puppetmaster 
server doesn't have to be trusted
https://projects.puppetlabs.com/issues/20729

* Author: Pedro Côrte-Real
* Status: Unreviewed
* Priority: Normal
* Assignee: 
* Category: 
* Target version: 
* Affected Puppet version: 
* Keywords: 
* Branch: 
----------------------------------------
As I was reviewing the security of my servers I realized that gaining root on 
the puppetmaster means gaining root everywhere as you can push whatever 
configuration you want to another server. It would be great if all the puppet 
resources served by the puppetmaster were signed by a private key that the 
puppetmaster doesn't hold so that the clients could check that key and not have 
to trust the puppetmaster.


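
A minimal sketch of the scheme the report asks for, added here as an illustration; it is not part of the original issue and not Puppet code. The function names, the envelope layout and the binding of the signature to a node's certname are assumptions, and the key pair and catalog are constructed sample data.

```ruby
require 'openssl'
require 'json'

# StandardError subclass so ordinary rescue clauses in calling code see it.
class CatalogVerificationError < StandardError; end

# Runs on an offline signing host (hypothetical); the puppetmaster never
# holds private_key and only relays the resulting envelope.
def sign_catalog(private_key, certname, catalog)
  # Assumption: the node name is signed together with the catalog, so a
  # catalog signed for one node is rejected by every other node.
  payload = JSON.generate('certname' => certname, 'catalog' => catalog)
  signature = private_key.sign(OpenSSL::Digest.new('SHA256'), payload)
  { 'payload' => payload, 'signature' => [signature].pack('m0') }
end

# Runs on the agent, which has only the public key pinned locally.
# The payload is parsed only after the signature over its exact bytes checks out.
def verify_catalog(public_key, my_certname, envelope)
  payload = envelope.fetch('payload')
  signature = envelope.fetch('signature').unpack1('m0')
  unless public_key.verify(OpenSSL::Digest.new('SHA256'), signature, payload)
    raise CatalogVerificationError, 'catalog signature invalid'
  end
  data = JSON.parse(payload)
  unless data['certname'] == my_certname
    raise CatalogVerificationError, 'catalog was signed for another node'
  end
  data['catalog']
end

# Constructed sample data: a throwaway key pair and a one-resource catalog.
SIGNING_KEY = OpenSSL::PKey::RSA.new(2048)
PINNED_PUBLIC_KEY = OpenSSL::PKey::RSA.new(SIGNING_KEY.public_key.to_pem)
CATALOG = { 'resources' => [{ 'type' => 'File', 'title' => '/etc/motd',
                              'content' => 'hello' }] }.freeze

# What the agent sees if the relaying server alters the signed payload.
def altered_in_transit(envelope)
  envelope.merge('payload' => envelope['payload'].sub('hello', 'changed'))
end

def accepted?(certname, envelope)
  verify_catalog(PINNED_PUBLIC_KEY, certname, envelope)
  true
rescue CatalogVerificationError
  false
end
```

With this layout the agent applies a catalog only when `accepted?` is true, so a server that modifies or re-targets a catalog is detected without the agent having to trust it.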