Neal Gompa wrote:
> I'm not going to get into this too much, but suffice to say, it's not
> universally accessible as a CA.

I would very much be interested in those details though. I do not see anybody being excluded from Let's Encrypt, not even countries under US embargo (e.g., over 300000 sites in Iran are apparently using it successfully).

> And using Let's Encrypt for private mirrors is sufficiently painful that I
> wouldn't recommend it.

Set up a subdomain like vpn.example.com, point it to the public IP, then configure the VPN's internal DNS to resolve vpn.example.com to the VPN-internal address instead, the /etc/hosts on the VPN server itself to resolve it to 127.0.0.1, and the mirror server on port 443 (whereas port 80 is reserved for certbot's builtin temporary (and world-readable) webserver with the http-01 challenge) to accept connections only from the VPN and from localhost and to use the Let's Encrypt certificate. Been there, done that (not for a repository mirror though, my employer is small enough for that not to be worthwhile). I assume that this approach should also work for a physical LAN in lieu of the VPN.

> There have been attempts to fix things, but Panu doesn't feel
> qualified to review the changes. That doesn't mean someone else who
> would be willing to do so couldn't. But because of... reasons, as long
> as it's in the RPM codebase, it's unlikely someone else will be
> trusted enough to do those reviews.

I see. So splitting might be worthwhile then. Assuming someone will care enough to actually maintain the code.

        Kevin Kofler
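
The port 443 side of the setup described in the message above, as an added example that is not part of the original post. It assumes nginx as the mirror server, a constructed VPN subnet of 10.8.0.0/24, and a hypothetical document root of /srv/mirror; the certificate paths are certbot's default layout for vpn.example.com.

```nginx
# Added example. Assumptions (not from the original message):
#   - nginx serves the mirror
#   - 10.8.0.0/24 is the VPN subnet (constructed value)
#   - /srv/mirror is the mirror's document root (hypothetical path)
#
# Deliberately no "listen 80" anywhere in this configuration: port 80 stays
# free so certbot's temporary standalone webserver can bind it for the
# http-01 challenge at issuance and renewal time.

server {
    listen 443 ssl;
    server_name vpn.example.com;

    # Certificate issued by Let's Encrypt for the publicly resolvable name.
    ssl_certificate     /etc/letsencrypt/live/vpn.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vpn.example.com/privkey.pem;

    # Accept connections only from localhost and from the VPN.
    # Rules are evaluated in order; the first match wins.
    allow 127.0.0.1;      # the server itself (vpn.example.com -> 127.0.0.1 in /etc/hosts)
    allow 10.8.0.0/24;    # VPN clients (VPN DNS resolves the name to the internal address)
    deny  all;            # everyone arriving via the public IP gets 403

    root /srv/mirror;
    autoindex on;
}
```

The allow/deny rules reject public clients with a 403 only after the TLS handshake, so the certificate and hostname remain visible on the public IP; a host firewall rule restricting port 443 to the VPN interface and loopback closes that off as well.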