On Wed, Oct 1, 2014 at 3:41 PM, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote: > On Wed, Oct 01, 2014 at 03:02:34PM +0300, Gilboa Davara wrote: >> When trying to download my package source files from pkgs.fedoraproject.org >> I'm getting self-signed SSL certificates (see details below). >> While it's most likely a minor infrastructure issue, I'd suggest exercising >> caution when downloading sources from pkgs.fedoraproject.org. >> I've also sent an email to admin@xxxxxxxxxxxxxxxxx. > > Take a look at https://fedorahosted.org/fedora-infrastructure/ticket/2324 > > The certificate in use is issued by Fedora's CA and the server cert can be > obtained via https with a publicly-signed cert at > https://admin.fedoraproject.org/accounts/fedora-server-ca.cert > > As I understand it, this is directly verified by some of our infrastructure > which uses pkgs.fedoraproject.org, and although the ticket above outlines a > migration plan, it hasn't become a priority. > OK. Thanks for the info. I believe me original message left something out. I'm using Firefox/wget to download the sources (E.g. https://pkgs.fedoraproject.org/repo/pkgs/icewm/) of my packages, and both shout like crazy about the self-signed certificates. Somehow I never got a self signed cert before. Go figure. Guess I'll have to stick to using fedpkg for the time being. Thanks again for the info and sorry for the noise. - Gilboa -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
