On Po, 2016-02-15 at 13:05 +0000, David Woodhouse wrote: > On Tue, 2016-02-02 at 17:13 +0100, Tomas Mraz wrote: > > Hello, > > for anyone interested in the subject and visiting DevConf in Brno > > on > > this Friday - we will be holding an informal meeting to gather use- > > cases > > for needed improvements in this area. We are interested in feedback > > from > > Fedora/RHEL system administrators and developers. > > > > The meeting will happen on Friday Feb 5th 2016 13:10-14:30 at the > > DevConf venue in the room C228. > > > > See also: > > https://communityblog.fedoraproject.org/system-ca-certificate-trust > > -management-review-planning-meeting-devconf/ > > > > Regards, > > > > Tomas Mraz, Security Technologies Team member at Red Hat > > Hi Tomas, > > Was there a conclusion for this? Hello, unfortunately probably due to no mention of the public meetings in the official DevConf schedule - they were mentioned only on a separate page in the DevConf brochure - there was only a single non-redhatter that appeared at the meeting. We had some informal discussion with him and the redhatters that were present. The conclusion was that our team should probably focus more on the crypto libraries support for the stapled extensions and using the trust store directly via the p11-kit-trust PKCS#11 module and not through the extracted certificate lists - namely OpenSSL lacks this support and probably should be the first priority to fix before any development of high-level trust management application/API should start. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
