Is there plans to sign the packages and provide repository hosting ?

CG_ForeauCG_Foreau Posts: 3 New Member

My use-case requires RPM packages for FSPM but this probably applies to other packaging formats and tools:

1 - The most pressing to me: do you plan to add RPM signing in the future (or packages in general) ? Most systems do not allow unsigned packages install as a rule and signing the packages in-house is a bit moronic as it changes the package's hash, which means that we loose the ability to verify that the package comes from F-Secure once we want to enforce its validation. See RedHat's website for instructions: https://access.redhat.com/articles/3359321 .

2 - Do you plan to host repositories ? This would truly ease updates as we could then refer to the online repository in our update scripts when offline / or in the configuration on-premise when online to get/install the latest version if we do not have version constraints.

Thanks,

Answers

  • jameschjamesch Posts: 284 Moderator

    Hi,

    I am currently checking this with our product team and shall get back to you.

    CG_Foreau
  • CG_ForeauCG_Foreau Posts: 3 New Member

    Hi,

    Do you have any update on this ?

  • jameschjamesch Posts: 284 Moderator

    Hi,

    Apologies for the delayed response.

    We actually do send our deb and rpm packages for signing, and get some sig files back. We can implement this.

  • jameschjamesch Posts: 284 Moderator

    Hi,

    1) We do not send at the moment but will implement for future versions.

    2) And answer to hosting repos: no, not planned

Sign In or Register to comment.