Till Maas wrote:
Hello,
for two months there has been no progress on a security ticket:
https://hosted.fedoraproject.org/projects/fedora-infrastructure/ticket/88
https://koji.fedoraproject.org spits out an strange certificate instead of one
signed by an well known CA, e.g. Equifax. Can maybe someone who reads here
and did not notice this Security Bug fix this? In case there is no money
available for this, then please use at least a certificate from cacerct.org
instead of this imho nearly complete useless certificate. Also it is not very
wise to educate users (Fedora maintainers) to accept bad certificates in
Fedora's Infrastructure, so that in case there is a Man-in-the-middle attack,
e.g. on an conference with free wifi, the regarding maintainers will be
fooled.
This isn't actually causing any practical problems so I've been ignoring
it. As far as man in the middle attack... someone will think they've
submitted a build but haven't? either way I'll submit a purchase
request for the cert now.
-Mike
