https://koji.fedoraproject.org is signed with an unknown certificate (extras64.linux.duke.edu)
Till Maas
opensource at till.name
Sat Oct 13 07:14:06 UTC 2007
Hello,
for two months there has been no progress on a security ticket:
https://hosted.fedoraproject.org/projects/fedora-infrastructure/ticket/88
https://koji.fedoraproject.org spits out an strange certificate instead of one
signed by an well known CA, e.g. Equifax. Can maybe someone who reads here
and did not notice this Security Bug fix this? In case there is no money
available for this, then please use at least a certificate from cacerct.org
instead of this imho nearly complete useless certificate. Also it is not very
wise to educate users (Fedora maintainers) to accept bad certificates in
Fedora's Infrastructure, so that in case there is a Man-in-the-middle attack,
e.g. on an conference with free wifi, the regarding maintainers will be
fooled.
Regards,
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20071013/37904b6f/attachment.bin
More information about the infrastructure
mailing list