CloudRouter 3.0 is a Fedora Remix. Most packages are provided by the Fedora repositories. For details on how these packages are signed, see the Fedora documentation. Additional packages such as OpenDaylight are provided by the CloudRouter repositories. These packages are signed using the CloudRouter Project key:

{% comment %} TODO for enterprise These packages are signed using the IIX Inc. signing key:

pub  4096R/56BF0300 2015-01-09 IIX Inc. <[email protected]>
Location: /etc/pki/rpm-gpg/RPM-GPG-KEY-cloudrouter 
Download: pgp.mit.edu

{% endcomment %}

pub: 2048R/191F16B0 2015-02-10 CloudRouter Project <[email protected]>
Location: /etc/pki/rpm-gpg/RPM-GPG-KEY-CLOUDROUTER 
Download: pgp.mit.edu

For added security, the CloudRouter Project key is stored on a hardware security module (HSM). For more details, see the blog post “Signing RPMs using the Nitrokey hardware security module (HSM)”.

Please report any security issues you find in CloudRouter to: [email protected]

Anyone can post to this list. The subscribers are only trusted individuals who will handle the resolution of any reported security issues in confidence. In your report, please note how you would like to be credited for discovering the issue and the details of any embargo you would like to impose.

{% for advisory in site.security_advisories reversed %}

{{ advisory.description }}

{{ advisory.content }}

{% for reporter in advisory.reporters %} {% assign num_issues_reported = reporter.reported | size %} Issue{% if num_issues_reported > 1 %}s{% endif %} {{ reporter.reported | join: " " }} {% if num_issues_reported > 1 %}were{% else %}was{% endif %} reported by {{ reporter.name }} of {{reporter.affiliation }}. {% endfor %}

{% endfor %}