I'm looking for a developer who can help customize the client Agent, and also the server side if necessary, or create a plugin to achieve the result described below. Of course we are willing to pay for develop this feature.
We don't want unauthorized person to use software to deliver malicious code to client machines, so we would like to make more secure the deploy process.
The idea is this:
The storage for the packages would be on another server (deployment server), on a separated machine from the OCS server.
For the OCS server the storage would be writable only for the period we create a package.
To be sure that nothing harmful was added to the package by the server, (assuming that malicious code may run backgound in the OCS server and adds some code to the package) we want to do a package control test on a test machine by unpacking the content and compare with the original ZIP file which was uploaded during the package cration.
After the verification is okay, deploy to all of the client computers is allowed.
If we assume that someone took control over the OCS server, can create new package and send to the clients.
But if in the clients config would be a few parameters to prevent accepting packages to dowload from the OCS server and only accept dowload from predetermined location.
Something like this: