On 01/21/2013 01:46 PM, Mgr. Peter Hudec wrote: > Hello Simon, > > we need to implement the secure way of installing the packages. > All packages in the spacewalk repo must be trusted. we tryied to satup > the SecureApt and therefor i was looging for Packages.gz, Release and > Release.gpg. > It should not be big deal to implement this into spacewalk server and > client part. > > After some tests we choose the second way, to sign the debs. It's much > more secure and it fullfill our needs without touching spacewalk code. > > Righ now there are 2 signs needed /origin, maintener/ to install the DEB > from any repository. So noboby could fake the DEB and put it into repo. > SecureApt did not solved this problem .. > > best regards > Peter
Great, signing all packages before the push is very good idea. Best regards, -- Simon Lukasik Security Technologies _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
