On Wed, Nov 23, 2016, at 12:10 PM, Kevin Fenzi wrote:
I suppose that's workable if all the stakeholders agree.
To confirm, are you agreeing with:
So I'd propose pinning to a set of 3 CAs:
- Digicert
- Some other well-regarded CA vendor
- A Fedora-infra custom CA (doesn't have to be deployed, just a
backup plan)
You were arguing earlier to pin to just Digicert I think (though
I can't find that now).
We could probably move forward with Digicert + 1-2 other
vendors as well. Maybe to be conservative 2. We can easily
add a custom CA to the set as well at any point.