On Monday, April 27, 2015 03:45:00 PM Pierre-Yves Chibon wrote:
Good morning everyone,
This weekend I had a random thought, which I quickly discussed with Dennis
on IRC on Sunday but that I thought might be interesting to discuss with a
wider audience.
The initial thought came from a text that Dennis wrote:
"""
Releng tracks this data in 2 systems, 1 of which we own: Koji and Bodhi.
Koji uses ssl certs tied to FAS and bodhi uses FAS for authentication to
provide a strong relationship between a user and the content
"""
Source:
https://fedoraproject.org/wiki/ReleaseEngineering/Philosophy#Auditable
This has led me to the question: Is this all that SSL certs are bringing
us?
It does a two-way authentication/authorisation. Apache on the server side
validates that the cert is signed by our CA and not revoked, while on the
client side koji at least (I would need to double check that fedpkg does for
lookaside cache) verifies that the server cert is signed by the appropriate
CA and is not revoked also.
Dennis