On Wed, 23 Nov 2016 15:45:55 -0500 Colin Walters <[email protected]> wrote:
> On Wed, Nov 23, 2016, at 12:10 PM, Kevin Fenzi wrote: > > > I suppose thats workable if all the stakeholders agree. > > To confirm, are you agreeing with: > > > So I'd propose pinning to a 3 set of CAs: > > > > - Digicert > > - Some other well-regarded CA vendor > > - A Fedora-infra custom CA (doesn't have to be deployed, just a > > backup plan) > > You were arguing earlier to pin to just digicert I think (though > I can't find that now). Yeah. I am not sure the process we will need to use to get some other CA vendor. RH has a relationship with digicert, so we get our certs via that. When using another vendor we may have to go through some red-tape. So, I can't commit for a time when this would be ready. > We could probably move forward with Digicert + 1-2 other > vendors as well. Maybe to be conservative 2. We can easily > add a custom CA to the set as well at any point. We should make sure that the librepo/dnf folks are on board with this plan before moving forward. :) kevin
pgp8YKrY2ghG3.pgp
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list -- [email protected] To unsubscribe send an email to [email protected]
