Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add cli option / config to provide trusted gpg key IDs #69

Closed
theseer opened this issue Jul 18, 2016 · 1 comment
Closed

Add cli option / config to provide trusted gpg key IDs #69

theseer opened this issue Jul 18, 2016 · 1 comment
Assignees
@theseer
Milestone
0.6.0

Comments

@theseer
Copy link
Member

theseer commented Jul 18, 2016

In fully automated environments being required to interactively acknowledge the import of gpg keys is not a viable option. Instead of silently auto-importing unknown keys - which would be a security nightmare - a list of trusted key IDs should be provided.

See #66 for discussion.
@theseer theseer mentioned this issue Jul 18, 2016
Closed
@theseer theseer self-assigned this Jul 25, 2016
theseer added a commit that referenced this issue Jul 28, 2016
@theseer
Implement #69
75ae5bf
@theseer
Copy link
Member Author

theseer commented Jul 28, 2016
edited

We decided that having a configuration option in best case would be superfluous as it is equal to having the keys already imported into the keyring. Worse, it could be a security threat if specified by the phive.xml of a malicious project, auto-importing bad keys that then would automatically be trusted.

Thus, with having the cli option only, this feature would be considered implemented.

@theseer theseer closed this as completed Jul 28, 2016
@sebastianheuer sebastianheuer added this to the 0.6.0 milestone Jul 29, 2016
@mihai-stancu mihai-stancu mentioned this issue Mar 3, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@theseer theseer

Labels
None yet
Projects
None yet
Milestone
0.6.0
Development

No branches or pull requests
2 participants
@theseer @sebastianheuer