https://pkgs.fedoraproject.org uses self-signed certificates?

Gilboa Davara gilboad at gmail.com
Wed Oct 1 16:47:55 UTC 2014


On Wed, Oct 1, 2014 at 3:41 PM, Matthew Miller <mattdm at fedoraproject.org> wrote:
> On Wed, Oct 01, 2014 at 03:02:34PM +0300, Gilboa Davara wrote:
>> When trying to download my package source files from pkgs.fedoraproject.org
>> I'm getting self-signed SSL certificates (see details below).
>> While it's most likely a minor infrastructure issue, I'd suggest exercising
>> caution when downloading sources from pkgs.fedoraproject.org.
>> I've also sent an email to admin at fedoraproject.org.
>
> Take a look at https://fedorahosted.org/fedora-infrastructure/ticket/2324
>
> The certificate in use is issued by Fedora's CA and the server cert can be
> obtained via https with a publicly-signed cert at
> https://admin.fedoraproject.org/accounts/fedora-server-ca.cert
>
> As I understand it, this is directly verified by some of our infrastructure
> which uses pkgs.fedoraproject.org, and although the ticket above outlines a
> migration plan, it hasn't become a priority.
>

OK. Thanks for the info.
I believe me original message left something out. I'm using
Firefox/wget to download the sources (E.g.
https://pkgs.fedoraproject.org/repo/pkgs/icewm/) of my packages, and
both shout like crazy about the self-signed certificates. Somehow I
never got a self signed cert before. Go figure.

Guess I'll have to stick to using fedpkg for the time being.

Thanks again for the info and sorry for the noise.
- Gilboa


More information about the devel mailing list