Random thoughts/crazy idea: Drop SSL certs
Dennis Gilmore
dennis at ausil.us
Mon Apr 27 16:45:56 UTC 2015
On Monday, April 27, 2015 04:44:37 PM Peter Robinson wrote:
> > This week-end I had a random thought, which I quickly discussed with
> > Dennis on IRC on Sunday but that I thought might be interesting to
> > discuss in a wider audience.
> >
> > The initial thought came from a text that Dennis wrote:
> > """
> > Releng tracks this data in 2 systems, 1 of which we own: Koji and Bodhi.
> > Koji uses ssl certs tied to FAS and bodhi uses FAS for authentication to
> > provide a strong relationship between a user and the content
> > """
> > Source:
> > https://fedoraproject.org/wiki/ReleaseEngineering/Philosophy#Auditable
> >
> > This has lead me to the question: Is this all what SSL certs are bringing
> > us?
> >
> > The following only works under the assumption that it is.
> > So SSL certs are basically a certain type of API token. Everyone has one,
> > specific to koji and the lookaside cache, time limited and gives us a way
> > of doing authentication and authorization server side.
>
> Are certs used for the transport interface between sigul and koji?
yes they are, there is a few certs in use in sigul and it uses them to make
encrypted tunnels inside of encrypted tunnels for sigul's core functionality,
additionally the bridge cert is used to upload teh signed rpm artifacts to
koji.
Dennis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.fedoraproject.org/pipermail/rel-eng/attachments/20150427/c4a7220e/attachment.sig>
More information about the rel-eng
mailing list