Use RSA/DSA/EC instead of PGP signatures for official plugins #41263
Labels
:Core/Infra/Plugins
Plugin API and infrastructure
>enhancement
:Security/Security
Security issues without another label
We validate the official plugins integrity and authenticity using BouncyCastle's PGP implementation. We could stop using PGP and rather depend on something simpler like RSA/DSA/ECDSA signatures for the plugin hashes . This would allow us to
plugins-cli
The text was updated successfully, but these errors were encountered: