Actions
Bug #11359
closedSign discovery images using GPG
Status:
Closed
Priority:
Normal
Assignee:
Category:
Image
Target version:
Description
The foreman discovery plugin says to verify the checksums by having you cat the included file and then run sha256sum over the files. I suppose this helps if you want to verify that it didn't get corrupted by the download. However, if someone was going to hack into the site and replace the tars, don't you think they'd replace the included SHA256SUM as well? I cannot find the expected sums anywhere online. The wiki page shows sums in the instructions [[http://theforeman.org/plugins/foreman_discovery/3.0/index.html#2.3.3Verifychecksums]], but they are obviously examples, as they are the same for every version.
Actions