Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Distribute Raven keys in mod_ucam_webauth (and other) packages #13

Open
jw35 opened this issue May 22, 2017 · 0 comments
Open

Distribute Raven keys in mod_ucam_webauth (and other) packages #13

jw35 opened this issue May 22, 2017 · 0 comments

Comments

@jw35
Copy link

jw35 commented May 22, 2017

The lack of keys in packages confuses people. The logic of excluding them was that for security the people installing the package should separately acquire and verify the keys rather than trusting a potentially dodgy, perhaps unsigned package.

But there a fair argument that if the package is dodgy then you've lost anyway because the key verification code may itself have been compromised.

RAVEN106 in master TODO list

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant