libmamba: Add conda-content-trust support to not bypass signature verification in conda >= 23.10 #123

westurner · 2024-04-27T02:59:44Z

Conda Security Practices > "Enabling conda signature verification"
https://docs.anaconda.com/pro/security/#enabling-conda-signature-verification
- ```
conda install "conda>=4.10.1" "conda-token>=0.3.0" conda-content-trust
conda token set --enable-signature-verification <YOUR_PRODUCT_TOKEN>
```
  Conda version 23.10+ uses libmamba as the default solver, which bypasses signature verification. If you are using conda 23.10 or later, you must configure your .condarc file to use the classic environment solver by running the following command:
  conda config --set solver classic

The text was updated successfully, but these errors were encountered:

This was referenced Apr 27, 2024

ENH,SEC: Add conda-content-trust support to not bypass signature verification in conda >= 23.10 mamba-org/mamba#3283

Open

📣 looking for contributors CycloneDX/cyclonedx-conda#1

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

libmamba: Add conda-content-trust support to not bypass signature verification in conda >= 23.10 #123

libmamba: Add conda-content-trust support to not bypass signature verification in conda >= 23.10 #123

westurner commented Apr 27, 2024

libmamba: Add conda-content-trust support to not bypass signature verification in conda >= 23.10 #123

libmamba: Add conda-content-trust support to not bypass signature verification in conda >= 23.10 #123

Comments

westurner commented Apr 27, 2024