Hi Jason,
On Fri, May 16, 2014 at 6:16 PM, Jason Woods <[email protected]> wrote:

> Hi,
>
> I followed installation at:
> https://www.varnish-cache.org/installation/redhat
>
> But noticed that the GPG signature checking of the RPMs was not enabled,
> and the RPMs were transferred over plaintext HTTP!
> I did re-enable the signature checking but it seems none of the packages
> are actually signed.
>

The repo does talk HTTPS at this point so you can switch to SSL, giving you transport level security at least.

> Are there plans to sign the packages? As I'm unable to use them in this
> state.
> I did find references to "signing corrupts the packages" - maybe I could
> offer help looking into the problem? It would be really useful to have them
> signed.
>

Last time it was enabled we had spurious corruption of the whole RPM database when the packages were installed. Nobody ever managed to actually track this down and we left out the signing.

Lasse might have more information wrt the state of the packages right now. I know he has been working on the RPMs quite a bit lately.

Per.

--
<http://www.varnish-software.com/>
*Per Buer*
CTO | Varnish Software
Phone: +47 958 39 117 | Skype: per.buer
We Make Websites Fly!

Winner of the Red Herring Top 100 Global Award 2013
_______________________________________________
varnish-misc mailing list
[email protected]
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
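Added example, not part of the original thread and not Varnish project code: a small Python audit of yum `.repo` definitions for the two conditions raised above, signature checking turned off and packages fetched over plaintext HTTP. The repo ids, URLs and the `audit_repo_text` helper are constructed for illustration; the `main_gpgcheck` parameter assumes the caller has read the `[main]` `gpgcheck` setting from yum.conf, and treats it as off when not supplied.

```python
import configparser

# Constructed sample of a yum .repo file; repo ids and URLs are placeholders,
# not the real Varnish repository definition.
SAMPLE_REPO = """\
[example-varnish]
name=Example Varnish repo (constructed)
baseurl=http://repo.example.invalid/el6/$basearch
enabled=1
gpgcheck=0

[example-signed]
name=Example signed repo (constructed)
baseurl=https://repo.example.invalid/signed/$basearch
enabled=1
gpgcheck=1
"""

INSECURE_SCHEMES = ("http://", "ftp://")


def audit_repo_text(text, main_gpgcheck=False):
    """Return {repo_id: [findings]} for the enabled repos in one .repo file.

    main_gpgcheck is the [main] gpgcheck value from yum.conf (assumption: the
    caller supplies it); it applies when a repo section sets no gpgcheck.
    """
    # interpolation=None so '%' and '$basearch' style values are read verbatim
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for repo_id in cp.sections():
        sec = cp[repo_id]
        if not sec.getboolean("enabled", fallback=True):
            continue  # disabled repos are never consulted by yum
        findings = []
        if not sec.getboolean("gpgcheck", fallback=main_gpgcheck):
            findings.append("gpgcheck disabled: package signatures are not verified")
        urls = " ".join(sec.get(k, "") for k in ("baseurl", "mirrorlist", "metalink"))
        for url in urls.split():
            if url.lower().startswith(INSECURE_SCHEMES):
                findings.append("plaintext transport: " + url)
        if findings:
            report[repo_id] = findings
    return report


if __name__ == "__main__":
    for repo, findings in audit_repo_text(SAMPLE_REPO).items():
        for finding in findings:
            print(f"{repo}: {finding}")
```

Switching a flagged `baseurl` to HTTPS addresses only the transport finding; the signature finding remains until the packages are signed and `gpgcheck` can be enabled.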
