On Fri, 10 May 2024 at 15:49, Steve McIntyre <st...@einval.com> wrote: > > On Fri, May 10, 2024 at 03:44:35PM +0100, Luca Boccassi wrote: > >On Fri, 10 May 2024 at 15:36, Steve McIntyre <st...@einval.com> wrote: > >> On Fri, May 10, 2024 at 04:29:00PM +0200, Ansgar 🙀 wrote: > >> > >> >Maybe we should use a non-trusted cert for the initial setup and only > >> >switch to a proper cert once everything is confirmed to be working as > >> >expected? > >> > >> Hmmm, maybe? Luca? > > > >What do you mean precisely here? A DSA-managed cert used by FTP to > >sign but that doesn't chain to the Debian CA? Or to do something > >completely local to the systemd-boot package? > > Exactly the former - we can use a test key for signing systemd-boot to > start with. Once we're happy all round, we can switch to a cert in the > chain. > > >I am fine with any approach that lets us move forward, if that needs > >to be some intermediate testing stage that's fine by me. > > Cool.
Ok, sounds good to me, thanks. DSA, now that FTP Team has acked with this suggestion to use a test cert first, are you happy to proceed or is there anything else you need from me? Thanks!
