Re: Cert pinning, Certs and related

On Wed, 23 Nov 2016 15:45:55 -0500
Colin Walters <walters@xxxxxxxxxx> wrote:

> On Wed, Nov 23, 2016, at 12:10 PM, Kevin Fenzi wrote:
> 
> > I suppose that's workable if all the stakeholders agree.
> 
> To confirm, are you agreeing with:
> 
> > So I'd propose pinning to a set of 3 CAs:
> > 
> >  - Digicert
> >  - Some other well-regarded CA vendor
> >  - A Fedora-infra custom CA (doesn't have to be deployed, just a
> >     backup plan)    
> 
> You were arguing earlier to pin to just digicert I think (though
> I can't find that now).

Yeah. I am not sure of the process we will need to use to get some other
CA vendor. RH has a relationship with digicert, so we get our certs via
that. When using another vendor we may have to go through some
red tape. So, I can't commit to a time when this would be ready.

> We could probably move forward with Digicert + 1-2 other
> vendors as well.  Maybe to be conservative 2.  We can easily
> add a custom CA to the set as well at any point.

We should make sure that the librepo/dnf folks are on board with this
plan before moving forward. :) 

kevin
