Random thoughts/crazy idea: Drop SSL certs

Dennis Gilmore dennis at ausil.us
Mon Apr 27 16:43:38 UTC 2015


On Monday, April 27, 2015 03:45:00 PM Pierre-Yves Chibon wrote:
> Good morning everyone,
> 
> This week-end I had a random thought, which I quickly discussed with Dennis
> on IRC on Sunday but that I thought might be interesting to discuss in a
> wider audience.
> 
> The initial thought came from a text that Dennis wrote:
> """
> Releng tracks this data in 2 systems, 1 of which we own: Koji and Bodhi.
> Koji uses ssl certs tied to FAS and bodhi uses FAS for authentication to
> provide a strong relationship between a user and the content
> """
> Source:
> https://fedoraproject.org/wiki/ReleaseEngineering/Philosophy#Auditable
> 
> This has led me to the question: Is this all that SSL certs are bringing
> us?

It does a two-way authentication/authorisation. Apache on the server side
validates that the cert is signed by our CA and not revoked, while on the
client side koji at least (I would need to double check that fedpkg does for
lookaside cache) verifies that the server cert is signed by the appropriate
CA and is not revoked also.

Dennis
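
The two-way check described in the reply above, sketched with Python's standard ssl module: each side requires a peer certificate signed by the CA and checks it against a CRL, and a small audit helper reports which of those two checks a given context is missing. This is an added example, not code from Koji, fedpkg or the Fedora infrastructure; the function names and the file-path parameters are hypothetical.

```python
import ssl

def _load_trust(ctx, ca_file, crl_file):
    # CA certificates and CRLs are both loaded through load_verify_locations().
    for path in (ca_file, crl_file):
        if path:
            ctx.load_verify_locations(cafile=path)

def server_context(cert_file=None, key_file=None, ca_file=None, crl_file=None):
    """Server side: the client must present a cert signed by our CA and not revoked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)   # default is CERT_NONE
    ctx.verify_mode = ssl.CERT_REQUIRED             # no client cert, no connection
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF   # peer cert is checked against the CRL
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    _load_trust(ctx, ca_file, crl_file)
    return ctx

def client_context(cert_file=None, key_file=None, ca_file=None, crl_file=None):
    """Client side: the server cert must be signed by the expected CA and not revoked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED + hostname check
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)    # the user's own cert for client auth
    _load_trust(ctx, ca_file, crl_file)
    return ctx

def missing_checks(ctx):
    """Return which of the two checks (CA signature, revocation) ctx does not enforce."""
    missing = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        missing.append("peer certificate not required or validated against the CA")
    if not ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF:
        missing.append("peer certificate not checked for revocation")
    return missing

if __name__ == "__main__":
    contexts = {
        "bare server context": ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER),
        "bare client context": ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT),
        "server_context()": server_context(),
        "client_context()": client_context(),
    }
    for name, ctx in contexts.items():
        print(name, "->", missing_checks(ctx) or "both checks enforced")
```

With `VERIFY_CRL_CHECK_LEAF` set, a handshake fails verification unless a CRL from the issuing CA has been loaded, so the CRL file has to be distributed and refreshed alongside the CA certificate.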