On Thu, 22 Jul 2021 at 10:48, Beatriz Michelson Reichert <beatrizreichert99@xxxxxxxxx> wrote: > > Hi, I'm Beatriz and I'm a student at the Santa Catarina State University. > Hi Beatriz and welcome to Fedora Infrastructure. > Currently, I'm studying the Fedora Release Life Cycle, and would like to know if anyone could help me with some questions about this subject: > > I understand that the services used to build composes (e.g., Koji, Bodhi, Pungi) use TLS. But it was unclear whether these certificates are generated internally or whether they are generated by a public CA (e.g., letsencrypt). > Do clients use the trust anchors from the ca-certificates package or do they have a list of their own? > When you say 'use TLS' what parts are you meaning? Most of the connections go through dedicated proxies so are using the same certificates you see at https://koji.fedoraproject.org/koji/ https://kojipkgs.fedoraproject.org//work/ so would be using the Digicert certs. I am not sure about other places in the infrastructure and how they interact. The release engineers and security officer would know better. -- Stephen J Smoogen. I've seen things you people wouldn't believe. Flame wars in sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law. All those moments will be lost in time... like posts on BBS... time to reboot. _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure