On Thu, Nov 19, 2009 at 18:25, Mike McGrath <mmcgrath@redhat.com> wrote:
On Fri, 20 Nov 2009, Mathieu Bridon (bochecha) wrote:

> Hi,
>
> > 20:25 < dgilmore> mmcgrath: id like to try work on updating koji auth/ and notifications during F-13 life cycle
> > 20:26 < ricky> PKI would be nice too :-)
> > 20:26 -!- |pitr| [n=kvirc@91.150.139.57] has joined #fedora-meeting
> > 20:26 < mmcgrath> #idea updating koji auth and notifications
> > 20:26 < mmcgrath> #idea pki (ricky says he'll do this and it'll be done by january)
> > 20:26 < mmcgrath> :-P
> > 20:26  * ricky runs
> [snip]
> > 20:28 < smooge> pki?
> > 20:28 < smooge> sorry.. will talk off chan
> > 20:28 < mmcgrath> smooge: yeah our pki right now is very... ehh manual
> > 20:28 < mmcgrath> and not fun to manage :)
>
> Not sure that's what you're looking for, but the guys I work with have
> created this neat Python module to handle CAs and certs:
> http://bitbucket.org/faide/pki/
>
> It's free software (MIT or PSF).
>

I think anything helps, we've been looking at dogtag for a while but
nothing has materialized yet.  It's good to keep our options open.


I played with koji a while back, and one thought that I had at the time was about getting it to work with certmaster.   I would think that based on the description from its product page that it would meet the conceptual requirements:

From https://fedorahosted.org/certmaster/
When I've looked at certmaster in the past I personally felt it needed a touch more configuration to allow for the actual signing of certificates by multiple applications, but a good frame work is in place, and its works fairly well for func.

One part I know it is definitely lacking is the user certificates.

-greg