Project

General

Profile

Bug #6027

Product update/create calls not checking for gpg keys correctly

Added by Partha Aji almost 5 years ago. Updated 11 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
API
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

It is possible via hammer to associate gpg key belonging to a different org to product. This needs to be fixed.

Associated revisions

Revision 97a65ce1 (diff)
Added by Partha Aji almost 5 years ago

Fixes #6027 - Made product gpg update more secure

It is possible via api to associate gpg key belonging to a different
org to product.

This commit checks for gpg key readable + gpg key org association before
accepting the provided gpg key.

Revision 3a34f82a
Added by Partha Aji almost 5 years ago

Merge pull request #4198 from parthaa/product-gpg

Fixes #6027 - Made product gpg update more secure

History

#1 Updated by Partha Aji almost 5 years ago

  • Bugzilla link set to https://bugzilla.redhat.com/show_bug.cgi?id=1103943

#2 Updated by Eric Helms almost 5 years ago

  • Target version set to 45
  • Triaged changed from No to Yes

#3 Updated by Partha Aji almost 5 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Applied in changeset katello|commit:97a65ce151ac5dff5b02a7de878bad8dc124f41a.

#4 Updated by Eric Helms almost 5 years ago

  • Legacy Backlogs Release (now unused) set to 13

Also available in: Atom PDF