INFRA-366

rpm packages are served over http


      Description

      Looking at the official options to install Jenkins, I found that http://pkg.jenkins-ci.org/redhat/ is over http. The instructions also recommend downloading the key over http as well, and that's the key used to sign the rpm downloaded over http as well. That's kinda insecure, since someone could mount a man-in-the-middle attack quite trivially.

      The https certificate for that server does not list the pkg vhost.
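
A defender-side check for the condition this report describes, added here as an example and not part of the original issue or of the Jenkins project's tooling: it parses a yum/dnf `.repo` file and flags stanzas where the packages, the signing key, or both are fetched over plaintext. The sample file is constructed; only the first `baseurl` comes from the report, while the `gpgkey` URLs and the `jenkins-tls` stanza are placeholders.

```python
import configparser

# Constructed sample .repo file. The first baseurl is the one quoted in the
# report; the gpgkey URLs and the second stanza are placeholders (assumptions).
SAMPLE_REPO = """\
[jenkins]
baseurl=http://pkg.jenkins-ci.org/redhat/
gpgkey=http://pkg.example.invalid/redhat/KEY-PLACEHOLDER
gpgcheck=1

[jenkins-tls]
baseurl=https://pkg.example.invalid/redhat/
gpgkey=https://pkg.example.invalid/redhat/KEY-PLACEHOLDER
gpgcheck=1
"""

PLAINTEXT = ("http://", "ftp://")
PACKAGE_KEYS = ("baseurl", "mirrorlist", "metalink")


def plaintext_urls(repo, keys):
    """Collect URLs under the given options that use an unauthenticated scheme."""
    urls = []
    for key in keys:
        # Values may hold several URLs separated by spaces or continuation lines.
        urls += [u for u in repo.get(key, "").split() if u.lower().startswith(PLAINTEXT)]
    return urls


def audit_repo(text):
    """Return {repo id: [findings]} for a yum/dnf .repo file given as a string."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    report = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        pkgs = plaintext_urls(repo, PACKAGE_KEYS)
        keys = plaintext_urls(repo, ("gpgkey",))
        findings = [f"packages over plaintext: {u}" for u in pkgs]
        findings += [f"signing key over plaintext: {u}" for u in keys]
        if repo.get("gpgcheck", "").strip().lower() not in ("1", "true", "yes", "on"):
            findings.append("gpgcheck not enabled in this stanza")
        if pkgs and keys:
            # The case in the report: key and packages share one untrusted path,
            # so whoever can swap the packages can swap the key that checks them.
            findings.append("key and packages share an unauthenticated channel")
        report[repo_id] = findings
    return report
```

Calling `audit_repo(SAMPLE_REPO)` returns an empty findings list for `jenkins-tls` and three findings for `jenkins`, the last being the combined condition the reporter points out.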


            Activity

            misc Michael Scherer created issue -
            rtyler R. Tyler Croy made changes -
            Field Original Value New Value
            Assignee R. Tyler Croy [ rtyler ]
            abayer Andrew Bayer made changes -
            Assignee Andrew Bayer [ abayer ]
            abayer Andrew Bayer made changes -
            Labels rpm security community-bee rpm security
            rtyler R. Tyler Croy made changes -
            Labels community-bee rpm security community-bee evergreen rpm security
            rtyler R. Tyler Croy made changes -
            Rank Ranked higher
            rtyler R. Tyler Croy made changes -
            Link This issue is related to INFRA-635 [ INFRA-635 ]
            rtyler R. Tyler Croy made changes -
            Assignee Andrew Bayer [ abayer ] R. Tyler Croy [ rtyler ]
            rtyler R. Tyler Croy made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            rtyler R. Tyler Croy made changes -
            Link This issue is related to INFRA-133 [ INFRA-133 ]
            rtyler R. Tyler Croy made changes -
            Link This issue is related to INFRA-644 [ INFRA-644 ]
            rtyler R. Tyler Croy made changes -
            Resolution Fixed [ 1 ]
            Status In Progress [ 3 ] Closed [ 6 ]

              People

              Assignee:
              rtyler R. Tyler Croy
              Reporter:
              misc Michael Scherer