Re: Can't upgrade sssd-*




On Apr 5, 2021, at 8:32 AM, Johnny Hughes <johnny@xxxxxxxxxx> wrote:
> 
> wrt private keys .. we don't want any to live on machines we
> don't physically own.

Yeah, I get that.

What I don’t get is why, if DNF goes to http://foo.centos.org to pull metadata, and it tells DNF to go to https://bar.qux.example.edu to download the packages specified by that metadata, why must there be any private keys for *.centos.org involved on example.edu’s servers?

Surely the sysadmin of bar.qux.example.edu obtains a TLS key pair from some trusted CA that certifies that bar.qux.example.edu is valid according to the worldwide TLS public PKI.

If we’re talking about package signing keys, surely that all happens on centos.org servers, and the resulting RPM packages are distributed as-is, not re-signed on each mirror server.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
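
The separation the message above describes, as an added example (not part of the original post, and not DNF's code): metadata from the project's own server carries a SHA-256 per package, so the client can check bytes served by any mirror without that mirror holding a project key. The XML layout, package name and payloads are constructed, and the metadata is assumed to have reached the client intact.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed payloads standing in for RPM files (not real packages).
GOOD_PKG = b"constructed-rpm-payload: sssd-common"
TAMPERED_PKG = b"constructed-rpm-payload: sssd-common (modified on mirror)"


def build_metadata(packages):
    """Origin side: publish a SHA-256 and a relative location per package."""
    root = ET.Element("metadata")
    for name, payload in packages.items():
        pkg = ET.SubElement(root, "package", name=name)
        digest = hashlib.sha256(payload).hexdigest()
        ET.SubElement(pkg, "checksum", type="sha256").text = digest
        ET.SubElement(pkg, "location", href=f"Packages/{name}.rpm")
    return ET.tostring(root)


def expected_checksums(metadata_xml):
    """Client side: map package name -> expected SHA-256 from the metadata."""
    checksums = {}
    for pkg in ET.fromstring(metadata_xml).findall("package"):
        node = pkg.find("checksum")
        # Skip entries without a SHA-256 rather than trusting them blindly.
        if node is None or node.get("type") != "sha256" or not node.text:
            continue
        checksums[pkg.get("name")] = node.text.strip().lower()
    return checksums


def verify_download(name, payload, checksums):
    """Accept mirror-served bytes only if they match the origin's checksum."""
    expected = checksums.get(name)
    if expected is None:
        return False  # package not listed by the origin: reject
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    meta = build_metadata({"sssd-common": GOOD_PKG})  # served by the origin
    sums = expected_checksums(meta)
    # The mirror only ever handles the payload bytes, never a project key.
    print("intact copy accepted:", verify_download("sssd-common", GOOD_PKG, sums))
    print("tampered copy accepted:", verify_download("sssd-common", TAMPERED_PKG, sums))
```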



