Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.6.0-rc1
Affects Version/s: None
Component/s: Packaging, Security
Labels:
- PKI
- archive
- download
- signing

Backwards Compatibility:
Fully Compatible
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

=== Task ===
Check integrity and authenticity of the downloaded source archive.

=== Description ===
You could create a hash (e.g. sha256) of the archive and place it in a file available for download with the archive.
Then this file containing a hash has to be signed with a trusted GPG key (for example, anything PKI is good), making the public key widely available.
That way one could verify the integrity of the file and authenticity of the file.

is related to

SERVER-4808 Provide repo downloads of older versions of packages

Closed

related to

SERVER-8770 Sign RPM packages available via the 10gen yum repository

Closed

links to

https://github.com/10gen/mongodb-www/pull/25

Assignee:: Ernie Hershey (Inactive)
Reporter:: B?a?ej Pawlak
Participants:: B?a?ej Pawlak, Ernie Hershey, Githook User, Scott Hernandez
Votes:: 4 Vote for this issue
Watchers:: 12 Start watching this issue

Created:: Mar 30 2012 07:02:50 AM UTC
Updated:: Oct 26 2015 11:49:34 PM UTC
Resolved:: Mar 04 2014 09:38:00 PM UTC
Confidence Status Last Update:: 27/Feb/14 2:53 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates