Eric Helms

Results 178 comments of Eric Helms

Do you think you could add a test case for this? We have certificate fixtures where we generate different of these failing scenarios (https://github.com/theforeman/foreman-installer/blob/develop/spec/fixtures/katello-certs-check/create_cert.sh) and then we test that the...

> I'm not sure I like enabling mod_security by default, especially for such a small thing. Could you elaborate why this is a good idea? I am curious about both...

These are great points. And I agree the OPTIONS being a vulnerability is questionable given the open source nature of our project and the fact that it doesn't prevent an...

> Your suggestion to implement security measures at the application layer is intriguing. Do you have any references or resources you could recommend for further investigation into this approach? I...

We have decided not to implement this due to the reasons stated above.

@ekohl As the pipeline is merged, can this come out of draft and be considered for merge now?

This change will require a specfile update (new dependency), and thus I don't think the packit build step will ever pass on the PR.

> @ehelms doesn't the packaging update (was merged already) take care of that?

The packaging PR (https://github.com/theforeman/foreman-packaging/pull/11048/files) adds the package but does not update Foreman to require the package. Thus...

> this uses [a rather hackish patch to `puppet-katello`](https://github.com/theforeman/puppet-katello/commit/frankenstein) to achieve the following:
> * generate all certs

Oh look... more fun code that was attempting what you wanted way...

I don't want to lose track of some changes I was testing on your frankenstein class in puppet-katello and made these updates:

```
$katello_server_ca_cert = $certs::ca::server_ca_path
include trusted_ca
trusted_ca::ca {...
```