On Tue, Sep 17, 2013 at 06:18:48AM -0700, jcbollinger wrote: > > > On Tuesday, September 17, 2013 1:20:40 AM UTC-5, [email protected] wrote: > > > > I want the puppetmaster can sign the manifest. avoid some guys publish > > dangerous manifest to agent. like exec{"foo": command=>"rm / -rf";} > > > > > Sure, but signed manifest code also just verifies (with reasonable > confidence but not absolute certainty) that the manifests were signed by a > particular authority. It's not qualitatively different in that respect; > it's just a question of how great your trust in the signer can or should be. >
Ahh, but many is the time I wished we had a signing mechanism for forge modules. -- -ashley Did you try poking at it with a stick? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
