Are there plans to sign the packages and provide repository hosting?

CG_Foreau
CG_Foreau W/ Alumni Posts: 3 Security Scout
edited March 2022 in Linux Products

My use-case requires RPM packages for FSPM but this probably applies to other packaging formats and tools:

1 - The most pressing to me: do you plan to add RPM signing in the future (or packages in general)? Most systems do not allow installing unsigned packages as a rule, and signing the packages in-house is a bit moronic as it changes the package's hash, which means that we lose the ability to verify that the package comes from F-Secure once we want to enforce its validation. See Red Hat's website for instructions: https://access.redhat.com/articles/3359321.

2 - Do you plan to host repositories? This would truly ease updates as we could then refer to the online repository in our update scripts when offline / or in the configuration on-premise when online to get/install the latest version if we do not have version constraints.

Thanks,
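
An added example, not part of the original post and not F-Secure code, illustrating the point above about in-house signing: an RPM file is a 96-byte lead, a signature header, then the main header and payload, so re-signing rewrites the signature header and changes the whole-file hash even though the shipped content is byte-identical. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

LEAD_SIZE = 96                      # fixed-size legacy RPM lead
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HDR_MAGIC = b"\x8e\xad\xe8\x01"     # header-structure magic + version byte


def content_offset(rpm: bytes) -> int:
    """Offset of the main header, i.e. the first byte past the signature header."""
    if rpm[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM lead")
    if rpm[LEAD_SIZE:LEAD_SIZE + 4] != HDR_MAGIC:
        raise ValueError("signature header magic missing")
    # Layout: magic(4) reserved(4) index-count(4) data-size(4), big-endian
    nindex, dsize = struct.unpack(">II", rpm[LEAD_SIZE + 8:LEAD_SIZE + 16])
    end = LEAD_SIZE + 16 + 16 * nindex + dsize
    return (end + 7) & ~7           # signature header is padded to 8 bytes


def digests(rpm: bytes) -> tuple[str, str]:
    """Return (sha256 of whole file, sha256 of main header + payload)."""
    off = content_offset(rpm)
    return hashlib.sha256(rpm).hexdigest(), hashlib.sha256(rpm[off:]).hexdigest()


def build_sample(sig_blob: bytes, content: bytes) -> bytes:
    """Constructed RPM-shaped bytes: lead + one-entry signature header + content."""
    lead = LEAD_MAGIC + bytes(LEAD_SIZE - 4)
    # One index entry: placeholder tag 1, type 7 (binary), offset 0, count
    index = struct.pack(">IIII", 1, 7, 0, len(sig_blob))
    sig = HDR_MAGIC + bytes(4) + struct.pack(">II", 1, len(sig_blob)) + index + sig_blob
    sig += bytes(-len(sig) % 8)     # pad to the 8-byte boundary
    return lead + sig + content


# Constructed samples: same content, different signature-header bytes.
CONTENT = HDR_MAGIC + b"constructed main header and payload"
AS_SHIPPED = build_sample(b"\x00" * 4, CONTENT)
RESIGNED = build_sample(b"in-house signature bytes", CONTENT)

if __name__ == "__main__":
    for name, blob in (("as shipped", AS_SHIPPED), ("re-signed", RESIGNED)):
        whole, content = digests(blob)
        print(f"{name:11} file={whole[:16]} content={content[:16]}")
```

The content digest staying equal only shows that the bytes were not altered by re-signing; tying a package to its vendor still requires a vendor signature checked against the vendor's public key.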

Best Answer

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 508 Moderator

    Hi,

    1) We do not send at the moment but will implement for future versions.

    2) And answer to hosting repos: no, not planned

Answers

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 508 Moderator

    Hi,

    I am currently checking this with our product team and shall get back to you.

  • CG_Foreau
    CG_Foreau W/ Alumni Posts: 3 Security Scout

    Hi,

    Do you have any update on this?

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 508 Moderator

    Hi,

    Apologies for the delayed response.

    We actually do send our deb and rpm packages for signing, and get some sig files back. We can implement this.

  • CG_Foreau
    CG_Foreau W/ Alumni Posts: 3 Security Scout

    Thank you for the response.

    Is it already possible to download the public key that will be used to sign the packages? If not, where will it be available?

This discussion has been closed.