Hi, I'm Beatriz and I'm a student at the Santa Catarina State University.

Currently, I'm studying the Fedora Release Life Cycle, and would like to know if anyone could help me with some questions about this subject:

1. I understand that the services used to build composes (e.g., Koji, Bodhi, Pungi) use TLS. But it was unclear whether these certificates are generated internally or whether they are generated by a public CA (e.g., letsencrypt).
2. Do clients use the trust anchors from the ca-certificates package or do they have a list of their own?

--

Best regards,