Hi, new to these forums, hoping to both help and reviece help in the future.
Currently trying to structure a plan for a future server with Proxmox as the base.
To try best practices, both admin ways and security wise, therefore following the official docs.
Security is both fun and interesting, so performing 0 trust, always verify is a practice.
At the Proxmox Download Page, there is a SHA256SUM that can be verified to ensure integrity. From my memory it is often reccommended to also use GPG for web of trust, and the official page should display their GPG key publically. Is there any reason for proxmox to not use GPG keys?
No GPG fingerprint information is available at either the wiki or the docs. Does that exist? I found however enterprise.proxmox.com/iso/which shares the .ASC, but no links in the official docs/wiki.
Also https://download.proxmox.com have: net::ERR_CERT_COMMON_NAME_INVALID.
Currently trying to structure a plan for a future server with Proxmox as the base.
To try best practices, both admin ways and security wise, therefore following the official docs.
Security is both fun and interesting, so performing 0 trust, always verify is a practice.
At the Proxmox Download Page, there is a SHA256SUM that can be verified to ensure integrity. From my memory it is often reccommended to also use GPG for web of trust, and the official page should display their GPG key publically. Is there any reason for proxmox to not use GPG keys?
No GPG fingerprint information is available at either the wiki or the docs. Does that exist? I found however enterprise.proxmox.com/iso/which shares the .ASC, but no links in the official docs/wiki.
Also https://download.proxmox.com have: net::ERR_CERT_COMMON_NAME_INVALID.
