Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add signatures to integration packages for validation #726

Closed
akshay-saraswat opened this issue Sep 21, 2021 · 2 comments
Closed

Add signatures to integration packages for validation #726

akshay-saraswat opened this issue Sep 21, 2021 · 2 comments
Labels
discussion Team:Ecosystem Label for the Packages Ecosystem team

Comments

@akshay-saraswat
Copy link

We must add signatures to all of our packages so that Kibana could check the sanity of the integration packages loaded and presented to the users. Kibana loads packages with Superuser permissions. If a bad package is uploaded into Kibana, it can have costly repercussions. From the security point of view, it's a big loophole in our system.
@jlind23 jlind23 added discussion Team:Ecosystem Label for the Packages Ecosystem team labels Sep 21, 2021
@mtojek
Copy link
Contributor

mtojek commented Sep 21, 2021

I guess we have at least two other issues referring to this problem.

elastic/package-spec#46
#168

It might be good to unify this (mark duplicates) and keep the idea in the package-spec.

@jlind23 jlind23 closed this as completed Sep 21, 2021
@jlind23
Copy link
Contributor

jlind23 commented Sep 21, 2021

Closed following @mtojek comment

@jlind23 jlind23 mentioned this issue Nov 9, 2021
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion Team:Ecosystem Label for the Packages Ecosystem team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@akshay-saraswat @mtojek @jlind23