cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update

This commit is contained in:
Joey Hess 2014-11-18 18:58:47 -04:00
parent 7299cd7320
commit 95fda710cb
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/security.mdwn
View File

@ -6,13 +6,13 @@ The only trusted machine is the laptop where you run `propellor --spin`
to connect to a remote host. And that one only because you have a ssh key
or login password to the host.
Since the hosts propellor deploys are not trusted by the central git
repository, they have to use git:// or http:// to pull from the central
git repository, rather than ssh://.
Since the hosts propellor deploys do not trust the central git repository,
and it doesn't trust them, it's normal to use git:// or http:// to pull
from the central git repository, rather than ssh://.
So, to avoid a MITM attack, propellor checks that any commit it fetches
from origin is gpg signed by a trusted gpg key, and refuses to deploy it
otherwise.
Since propellor doesn't trust the central git repository, it checks
that any commit it fetches from it is gpg signed by a trusted gpg key,
and refuses to deploy it otherwise.
That is only done when privdata/keyring.gpg exists. To set it up: