Follow-up to this, Patrick had a few questions on IRC, which I've copied here and answered in case others are interested:

> I was wondering whether you intend to continue cryptographically
> (x509) signing messages, or if you were planning to enforce sender per
> subject in another way?

Ultimately, no. RabbitMQ provides access controls[0] which I think will meet our needs. However, the bridge from AMQP back to ZeroMQ will support signing the messages so consumers outside of Fedora Infrastructure are not broken.

My expectation is we'll run this bridge long term as the way for external consumers to get events, even if we don't use ZeroMQ internally. ZeroMQ is a solid library and it feels like a good fit for the public access use-case. The bridge is ~10-20 lines of code so it's not a huge maintenance burden, either.

I would like to eventually drop the message signing completely and replace it with a ZeroMQ socket with zmq-curve[1] for authentication. That lets us stop using fedmsg completely (which is appealing because it depends on pyOpenSSL which is not long for this world).

> is the plan to move the projects to the fedora-infra org in the long
> run, or was your plan to keep them under your personal account?

Definitely planning on moving it over if people like it.

[0] https://www.rabbitmq.com/access-control.html
[1] http://api.zeromq.org/4-2:zmq-curve

--
Jeremy Cline
XMPP: jeremy@xxxxxxxxxx
IRC: jcline
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx/message/MK7ROH44JJY33RMKHKJNF4PTOOPOEGAU/