Is there plans to sign the packages and provide repository hosting ?

CG_Foreau

My use-case requires RPM packages for FSPM but this probably applies to other packaging formats and tools:

1 - The most pressing to me: do you plan to add RPM signing in the future (or packages in general) ? Most systems do not allow unsigned packages install as a rule and signing the packages in-house is a bit moronic as it changes the package's hash, which means that we loose the ability to verify that the package comes from F-Secure once we want to enforce its validation. See RedHat's website for instructions: https://access.redhat.com/articles/3359321 .

2 - Do you plan to host repositories ? This would truly ease updates as we could then refer to the online repository in our update scripts when offline / or in the configuration on-premise when online to get/install the latest version if we do not have version constraints.

Thanks,

Jamesch

Hi,

1) We do not send at the moment but will implement for future versions.

2) And answer to hosting repos: no, not planned

Jamesch

Hi,

I am currently checking this with our product team and shall get back to you.

CG_Foreau

Hi,

Do you have any update on this ?

Jamesch

Hi,

Apologies for the delayed response.

We actually do send our deb and rpm packages for signing, and get some sig files back. We can implement this.

CG_Foreau

Thank you for the response.

Is it already possible to download the public key that will be used to sign the packages ? If not, where will it be available ?