Project

General

Profile

Actions
Copy link

Bug #21069

closed

yum repo foreman-plugins installed with no security

Added by Radosław Piliszek about 7 years ago. Updated about 6 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
RPMs
Target version:
-
Difficulty:
trivial
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Foreman - 1.15.2
Red Hat JIRA:

Description

foreman-release installs foreman-plugins yum repo with gpgcheck=0 and baseurl with plain HTTP.

If gpg-signing packages is not feasible, then at least using HTTPS instead of plain HTTP would improve system's security with regard to installing/updating those packages.

Related issues 1 (1 open0 closed)

Is duplicate of Packaging - Feature #4788: Plugin rpms not signedNewActions
Actions
Copy link

Also available in: Atom PDF