[Spacewalk-list] debian repository and Release file

[Simon Lukasik]

On 01/21/2013 01:46 PM, Mgr. Peter Hudec wrote:
> Hello Simon,
> 
> we need to implement the secure way of installing the packages.
> All packages in the spacewalk repo must be trusted. we tryied to satup
> the SecureApt and therefor i was looging for Packages.gz, Release and
> Release.gpg.
> It should not be big deal to implement this into spacewalk server and
> client part.
> 
> After some tests we choose the second way, to sign the debs. It's much
> more secure and it fullfill our needs without touching spacewalk code.
> 
> Righ now there are 2 signs needed /origin, maintener/ to install the DEB
> from any repository. So noboby could fake the DEB and put it into repo.
> SecureApt did not solved this problem ..
> 
>     best regards
>         Peter

Great, signing all packages before the push is very good idea.

Best regards,

-- 
Simon Lukasik
Security Technologies