Opened 3 years ago
Last modified 3 years ago
#1429 assigned Bug / Defect
Fix Fedora Copr instructions in the OpenvpnSoftwareRepos doc
Reported by: | a13x | Owned by: | David Sommerseth |
---|---|---|---|
Priority: | trivial | Milestone: | |
Component: | Documentation | Version: | |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | |
Cc: |
Description
Hello!
The Wiki offers to install OpenVPN software from Fedora Copr:
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
Actually, adding such a repository is not recommended since it breaks the supply chain security on that system.
The Open Source Security Foundation (OpenSSF, https://openssf.org/) is doing a lot to persuade the community that the supply chain is important. That is especially true for OpenVPN software, which is critical for information security.
I would recommend adding a proper disclaimer to the Wiki chapter about Fedora Copr usage or at least adding a detailed description of how to check the OpenVPN package signatures.
Thanks!
Alexander
Change History (1)
comment:1 Changed 3 years ago by
Owner: | set to David Sommerseth |
---|---|
Status: | new → assigned |
Assigning to the Fedora maintainer, @dazo...