https://pkgs.fedoraproject.org uses self-signed certificates?
gilboad at gmail.com
Wed Oct 1 16:47:55 UTC 2014
On Wed, Oct 1, 2014 at 3:41 PM, Matthew Miller <mattdm at fedoraproject.org> wrote:
> On Wed, Oct 01, 2014 at 03:02:34PM +0300, Gilboa Davara wrote:
>> When trying to download my package source files from pkgs.fedoraproject.org
>> I'm getting self-signed SSL certificates (see details below).
>> While it's most likely a minor infrastructure issue, I'd suggest exercising
>> caution when downloading sources from pkgs.fedoraproject.org.
>> I've also sent an email to admin at fedoraproject.org.
> Take a look at https://fedorahosted.org/fedora-infrastructure/ticket/2324
> The certificate in use is issued by Fedora's CA and the server cert can be
> obtained via https with a publicly-signed cert at
> As I understand it, this is directly verified by some of our infrastructure
> which uses pkgs.fedoraproject.org, and although the ticket above outlines a
> migration plan, it hasn't become a priority.
OK. Thanks for the info.
I believe me original message left something out. I'm using
Firefox/wget to download the sources (E.g.
https://pkgs.fedoraproject.org/repo/pkgs/icewm/) of my packages, and
both shout like crazy about the self-signed certificates. Somehow I
never got a self signed cert before. Go figure.
Guess I'll have to stick to using fedpkg for the time being.
Thanks again for the info and sorry for the noise.
More information about the devel