On Thu, 22 Jul 2021 at 10:48, Beatriz Michelson Reichert
<beatrizreichert99(a)gmail.com> wrote:
Hi, I'm Beatriz and I'm a student at the Santa Catarina State University.
Hi Beatriz and welcome to Fedora Infrastructure.
Currently, I'm studying the Fedora Release Life Cycle, and would
like to know if anyone could help me with some questions about this subject:
I understand that the services used to build composes (e.g., Koji, Bodhi, Pungi) use TLS.
But it was unclear whether these certificates are generated internally or whether they are
generated by a public CA (e.g., letsencrypt).
Do clients use the trust anchors from the ca-certificates package or do they have a list
of their own?
When you say 'use TLS' what parts are you meaning? Most of the
connections go through dedicated proxies so are using the same
certificates you see at
https://koji.fedoraproject.org/koji/
https://kojipkgs.fedoraproject.org//work/
so would be using the Digicert certs. I am not sure about other places
in the infrastructure and how they interact. The release engineers and
security officer would know better.
--
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on BBS...
time to reboot.