Merge lp:~stub/charm-helpers/fix-gpg into lp:charm-helpers
Proposed by
Stuart Bishop
Status: | Merged | ||||
---|---|---|---|---|---|
Merged at revision: | 783 | ||||
Proposed branch: | lp:~stub/charm-helpers/fix-gpg | ||||
Merge into: | lp:charm-helpers | ||||
Diff against target: |
83 lines (+38/-24) 1 file modified
charmhelpers/fetch/ubuntu.py (+38/-24) |
||||
To merge this branch: | bzr merge lp:~stub/charm-helpers/fix-gpg | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Alex Kavanagh | Approve | ||
Review via email: mp+329024@code.launchpad.net |
Description of the change
A feature of the PostgreSQL charm had stopped working, as charm-helpers was attempting to do more validation of GPG key formats and the PG charm happens to add comments to its keys so they don't get mixed up.
While fixing this, noticed that insecure usage still seems to be promoted. Clearly flag this cases in the docstring and add WARNING messages to logs when people open themselves up to attack (the key retrieval protocol is unencrypted for historical reasons and the same man-in-the-middle attack that poisons an archive can also make people trust keys retrieved this way).
To post a comment you must log in.
Looks good and passes tests.