[SERVER-8770] Sign RPM packages available via the 10gen yum repository - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.8, 3.1.7
Component/s: Packaging
Labels:
None

Backwards Compatibility:
Minor Change
Backport Completed:

3.0.8
Sprint:
BUILD 2 04/24/15, BUILD 4 06/05/15, Build 5 06/26/16, Build 6 07/17/15, Build 7 08/10/15, Build 8 08/31/15

Description

Packages available from 10gen yum repository (and probably all provided packages) should be signed using a GPG/PGP key. It makes it harder to compromise a yum repository (it is not enough to just replace RPM in a repo).

Attachments

Issue Links

is related to

SERVER-5455 Sign source archives (tgz, zip, etc) with a public GPG key

Closed

SERVER-14036 Ubuntu Key File belongs to Richard Kreuter

Closed

SERVER-19893 Generate packages on their own platforms

Closed

related to

DOCS-5411 securely download the mongodb packages

Closed

DOCS-7370 Add rpm signature verification to rpm package installation docs

Closed

Activity

People

Assignee:: Ernie Hershey

Reporter:: Marcin Zaj?czkowski

Participants:: Ernie Hershey, Githook User, Jakub Kramarz, Jarom Loveridge, Jason Woods, Marcin Zaj?czkowski, Michele Perucic, Tehmasp Chaudhri

Votes:: 26 Vote for this issue

Watchers:: 22 Start watching this issue

Dates

Created:: Feb 27 2013 02:07:21 PM UTC

Updated:: Nov 16 2021 01:56:43 PM UTC

Resolved:: Aug 13 2015 12:03:02 AM UTC