agent icon indicating copy to clipboard operation
agent copied to clipboard

Published 20 hours ago verified publisher icon stackabletech

Add checksum validation to downloading of archives

Open soenkeliebau opened this issue 4 years ago • 1 comments

Currently the agent does not perform any checksum verification when downloading packages from a repository. We should at least verify one of the checksums that are provided in the metadata.json file. Ideally we'd also provide a crypto signature for the metadata file that is signed with the stackable PGP key to ensure the signatures have not been tampered with.

soenkeliebau avatar Mar 10 '21 09:03 soenkeliebau

Blocked by packaging discussion

soenkeliebau avatar May 27 '21 08:05 soenkeliebau