IntenseWebs/opentofu
3
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2025-02-25 18:45:20 -06:00
Code Issues Packages Projects Releases Wiki Activity

docs: fixing OPENTOFU_ENFORCE_GPG_VALIDATION (#671)

Browse Source 
Signed-off-by: Michael Di Prisco <cadienvan@gmail.com>
This commit is contained in:
Michael Di Prisco 2023-10-06 14:59:59 +02:00 committed by GitHub
parent 23dd5a8a42
commit 570ee9efdb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -7,7 +7,7 @@ IMPORTANT NOTES:
- **Key Availability**: GPG validation will be skipped when and only when the provider's GPG keys are not available in the default registry.
- **Temporary Measure**: This is a stopgap measure until GPG keys for all providers can be populated in the default registry.
While this offers operational flexibility, it does reduce the level of security assurance for affected packages. Users who prioritize security should set the `OPENTF_ENFORCE_GPG_VALIDATION` environment variable to `true` to enforce GPG validation of all providers.
While this offers operational flexibility, it does reduce the level of security assurance for affected packages. Users who prioritize security should set the `OPENTOFU_ENFORCE_GPG_VALIDATION` environment variable to `true` to enforce GPG validation of all providers.
**Future Removal**: We intend to remove this feature once all GPG keys are populated in the default registry, reverting to a strict GPG validation process for all providers.