I think it will be possible to authenticate the signer of the .rpm file regardless of the download provider, and that would dramatically improve the trustworthiness of images built with this script. It might be as simple as embedding upstream's public key and adding a step to import it and changing the parameters to require data integrity and signer authenticity.
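One way the steps suggested above could look, as an added example that is not part of the original comment or of the script it refers to. It assumes `rpmkeys` from rpm 4.14 or later (for the output format it parses); the function names and both file arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's own code. Hypothetical inputs:
#   $1 = path to the downloaded .rpm
#   $2 = upstream public key file embedded alongside the build script

# Decide from `rpmkeys --checksig` output (rpm >= 4.14 format, an assumption)
# whether the package is intact AND signed by an imported key.
# An unsigned package prints "digests OK" and exits 0, so the exit status
# alone does not prove signer authenticity; require "signatures OK".
checksig_line_ok() {
    case "$1" in
        *"NOT OK"*) return 1 ;;                      # bad digest, bad or unverifiable signature
        *": digests signatures OK") return 0 ;;      # digest and signature both verified
        *) return 1 ;;                               # e.g. "digests OK" = unsigned
    esac
}

verify_rpm() {
    rpm_file=$1
    key_file=$2
    # Use a fresh, empty rpm database so that only the embedded key is
    # trusted, not whatever keys the build host happens to have imported.
    db=$(mktemp -d) || return 2
    if ! rpmkeys --dbpath "$db" --import "$key_file"; then
        rm -rf "$db"
        return 2
    fi
    out=$(LC_ALL=C rpmkeys --dbpath "$db" --checksig "$rpm_file" 2>&1)
    rm -rf "$db"
    printf '%s\n' "$out"
    checksig_line_ok "$out"
}

# Run only when called with both arguments; fail the build on any mismatch.
if [ "$#" -eq 2 ]; then
    verify_rpm "$1" "$2" || { echo "signature check failed: $1" >&2; exit 1; }
fi
```

The same check applies whichever mirror or provider served the file, since trust comes from the embedded key rather than from the download location.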