In the Dublin release, support is planned for network packages that are verifiably authentic and genuine, as well as ordinary packages.
- For the Dublin release, issuer certificate files will be copied to a directory in the SDC onboarding container. This has to be done separately from uploading a signed package. These issuer certificates are trusted, and certificates issued by their owners will be trusted when they are processed.
- The signed package is then uploaded as normal when creating a Vendor Software Product from a network package. The package signing certificate, latest-vendor-package.cert in the diagram, is included in the signed package, latest-vendor-package.zip in the diagram. SDC will validate this certificate using the trusted issuer certificates it has from the first item above. If the package signing certificate is validated, SDC will then verify the signature of the package using this signing certificate.
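
The two checks described above, in that order, as an added example using the OpenSSL command line; it is not SDC's own code. Assumptions: the signature is a detached CMS file (the name latest-vendor-package.cms is hypothetical), the signing certificate is handled as a separate file, and the issuer, keys and package payload are throwaway fixtures constructed by the script.

```shell
#!/bin/sh
# Constructed fixtures: throwaway issuer CA, signing certificate, package, signature.
make_fixtures() {  # $1 = work directory
    d=$1; mkdir -p "$d/trusted"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Issuer" \
        -keyout "$d/issuer.key" -out "$d/trusted/issuer.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Package Signer" \
        -keyout "$d/signer.key" -out "$d/signer.csr" 2>/dev/null
    openssl x509 -req -in "$d/signer.csr" -CA "$d/trusted/issuer.pem" \
        -CAkey "$d/issuer.key" -set_serial 2 -days 1 \
        -out "$d/latest-vendor-package.cert" 2>/dev/null
    printf 'constructed package payload\n' > "$d/latest-vendor-package.zip"
    # Detached CMS signature (assumed format); -nocerts keeps the certificate separate.
    openssl cms -sign -binary -nocerts -outform DER \
        -signer "$d/latest-vendor-package.cert" -inkey "$d/signer.key" \
        -in "$d/latest-vendor-package.zip" -out "$d/latest-vendor-package.cms"
}

# verify_package TRUSTED_DIR CERT PACKAGE SIGNATURE
# Returns 0 only if CERT chains to a trusted issuer and SIGNATURE matches PACKAGE.
verify_package() {
    bundle=$(mktemp) || return 2
    cat "$1"/*.pem > "$bundle" 2>/dev/null
    # Step 1: validate the signing certificate against the trusted issuers only
    # (-no-CAfile/-no-CApath keep the system trust store out of the decision).
    if ! openssl verify -no-CAfile -no-CApath -CAfile "$bundle" "$2" \
         >/dev/null 2>&1; then
        rm -f "$bundle"; echo "REJECT: certificate not from a trusted issuer"; return 1
    fi
    # Step 2: verify the package signature with the validated signing certificate.
    if ! openssl cms -verify -binary -inform DER -in "$4" -content "$3" -certfile "$2" \
         -CAfile "$bundle" -no-CAfile -no-CApath -out /dev/null 2>/dev/null; then
        rm -f "$bundle"; echo "REJECT: package signature does not verify"; return 1
    fi
    rm -f "$bundle"; echo "ACCEPT: certificate trusted and signature valid"
}

# Demo run on the constructed fixtures.
demo=$(mktemp -d) && make_fixtures "$demo"
verify_package "$demo/trusted" "$demo/latest-vendor-package.cert" \
    "$demo/latest-vendor-package.zip" "$demo/latest-vendor-package.cms"
rm -rf "$demo"
```
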