Google Git
Sign in
eclipse / equinox / rt.equinox.p2 / refs/tags/I20211103-1800
commit0b62cb8dd14b40cac16c8ecf2db864cffd975578[log] [tgz]
authorMickael Istria <mistria@redhat.com>Wed Nov 03 11:13:23 2021 +0100
committerMickael Istria <mistria@redhat.com>Wed Nov 03 07:14:24 2021 -0400
tree4a94d0350d628c1ab37771619fb3e574b533746f
parent2e790125e6e8bdce3d933f45d5a0cc107266d451 [diff]
Bug 576705 - Disable pgp.trustedPublicKeys from IUs

Only stick to trusted keys defined in profile as it's not safe to import
trusted keys from installed IUs because metadata is an attack vector
(Bug 577029)

Change-Id: I3d4c97b69d7b85a8f5aceed0c50383975f7f6f6a
Reviewed-on: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/187264
Tested-by: Equinox Bot <equinox-bot@eclipse.org>
Reviewed-by: Mickael Istria <mistria@redhat.com>
2 files changed
tree: 4a94d0350d628c1ab37771619fb3e574b533746f
  1. bundles/
  2. examples/
  3. features/
  4. org.eclipse.equinox.p2.releng/
  5. .gitignore
  6. .project
  7. CONTRIBUTING
  8. Jenkinsfile
  9. LICENSE
  10. NOTICE
  11. pom.xml