wildfly-proposals icon indicating copy to clipboard operation
wildfly-proposals copied to clipboard

Published 20 hours ago verified publisher icon wildfly

Verify signatures of WildFly components during provisioning and updates.

Open spyrkob opened this issue 3 months ago • 0 comments

Description

The wildfly-channels and prospero allow to provision and update WildFly server using components downloaded from Maven repositories.

This proposal aims to add support for validating detached GPG signatures of those components to ensure the origin of downloaded artifacts and protect against malicious artifacts.

Issue Contact

spyrkob

spyrkob avatar Oct 29 '24 17:10 spyrkob