This repository has been archived by the owner on May 10, 2024. It is now read-only.

User trusted GPG keys #291

Open

blackandred opened this issue Feb 26, 2023 · 0 comments

Labels

Contributor

blackandred commented Feb 26, 2023

In order to increase the upload endpoint security we may introduce a list of trusted GPG keys on server side in the User profile.

A public GPG key could allow verify uploader before the upload.
Additionally we can try to validate the uploaded file - if it would be not too much overhead to e.g. validate the first X bytes or the header

blackandred added the security label

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.