-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 02/03/2016 12:16 PM, Michael Hrivnak wrote: > That would be a simple fix to help avoid breaking compatibility for > users on upgrade to 2.8. Regardless of what the ideal behavior > should be, the current behavior in 2.8 is different and obviously > incompatible with assumptions that users have made with previous > versions.
My opinion is that it was a bug that we didn't verify the signature of certificate offered and that while things obviously are breaking, they are breaking because they are mis-configured and insecure. Is there any reason to be configuring an event listener to POST to a URL over HTTPS when you expressly *don't* want to be secure? - -- Jeremy Cline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWsmSgAAoJEJIjMI+pskbbBlEP/jl5VQ9ECT69lhi+XqG2Cd8x U82qQui4q27LG36oxtXAIKHvmERUprq4YZyIMbEf4PGZHR1HDHNzdLHhPD0BtYFD EQgxhKO9u48kHm98muRGC7qetYZag8+jQJaOS/V1hkQNd5BRxZaT2iK57YvlM2fb S0FR1whS/SWRvXgnQBMOdcoqaHP4RT2kwp5stCN0C2iwTE5FPdQXhmIXkQasc5Ic cN2F5M12DMGOYxqXbCLb1S/CAEICI3OvbTzTh+LfWpqvofNxZ1JpPnYv1H3HkIZ8 /mDOwpMESHOvVHALV0jOEgR2J9SKiVrQscxWx5BOa7UT5UTl463GbrVvBlgPQT/m tajq/H5GgHNDCyTUpmTKZeCKs0wmOtKnOE/2n3xbSbUIaWuTFFjGbUqwe5mxCfbd +qhgRe5aSzE8T6LD9Ov/78sm/iU6hydDhuZbWUJlj31WhZAwcV9aHrTybApefUNx T5wTVrwqtACbhIWiuxbsDY44H4IvNjBs/czTQvxHwKm1YW5SBJ6eTg7cd6lSK1ji OrGfgTNeqehFCY1x6HvUVNggmAx+TorjOQNXPv0acid+aaQD/4Di+epZX7L5tcwc xiTJZJ4D06GwvNNx+gVxgKdb5aHJaxiOTQM5PkALYUc7ckM1+73j49yQBGkVtREm ifRM9MmhU3WrPNinQ5xI =EkeK -----END PGP SIGNATURE----- _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
