Thread: Secure and verified way to get the Postgresql RPM's

Secure and verified way to get the Postgresql RPM's

From

Luitzen van Gorkum

Date:

20 October 2014, 13:33:20

LS,

My company has the policy only to use secure verified software from the
Internet. Therefore I've two questions for you:

1) Is the a secure way to get the GPG key for the postgresql software?
Currently this is only down-loadable from your public website without a
way to verify this is indeed the one and only postgresql source.

2) Can you guarantee that software from your unsigned website is indeed
the one and only software you provide?

Kind regards, Luitzen van Gorkum

Re: Secure and verified way to get the Postgresql RPM's

From

Devrim Gündüz

Date:

23 October 2014, 00:07:58

Hi,

This is currently in discussion with infrastructure team, to serve the
RPMs on https. I will keep you updated.

Regards, Devrim
On Mon, 2014-10-20 at 11:40 +0200, Luitzen van Gorkum wrote:
> LS,
>
> My company has the policy only to use secure verified software from the
> Internet. Therefore I've two questions for you:
>
> 1) Is the a secure way to get the GPG key for the postgresql software?
> Currently this is only down-loadable from your public website without a
> way to verify this is indeed the one and only postgresql source.
>
> 2) Can you guarantee that software from your unsigned website is indeed
> the one and only software you provide?
>
> Kind regards, Luitzen van Gorkum
>
>
>


--
Devrim GÜNDÜZ
Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR

Attachment

signature.asc