Opened 4 months ago

Last modified 3 months ago

#1429 assigned Bug / Defect

Fix Fedora Copr instructions in the OpenvpnSoftwareRepos doc

Reported by: a13x
Owned by: David Sommerseth
Priority: trivial
Milestone:
Component: Documentation
Version:
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

Hello!

The Wiki offers to install OpenVPN software from Fedora Copr:
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos

Actually, adding such a repository is not recommended since it breaks the supply chain security on that system.

The Open Source Security Foundation (OpenSSF, https://openssf.org/) is doing a lot to persuade the community that the supply chain is important. That is especially true for OpenVPN software, which is critical for information security.

I would recommend adding a proper disclaimer to the Wiki chapter about Fedora Copr usage or at least adding a detailed description of how to check the OpenVPN package signatures.

Thanks!
Alexander

Change History (1)

comment:1 Changed 3 months ago by Gert Döring

Owner: set to David Sommerseth
Status: new → assigned

Assigning to the Fedora maintainer, @dazo...
