[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

https://koji.fedoraproject.org is signed with an unknown certificate (extras64.linux.duke.edu)



Hello,

for two months there has been no progress on a security ticket:
https://hosted.fedoraproject.org/projects/fedora-infrastructure/ticket/88

https://koji.fedoraproject.org spits out an strange certificate instead of one 
signed by an well known CA, e.g. Equifax. Can maybe someone who reads here 
and did not notice this Security Bug fix this? In case there is no money 
available for this, then please use at least a certificate from cacerct.org 
instead of this imho nearly complete useless certificate. Also it is not very 
wise to educate users (Fedora maintainers) to accept bad certificates in 
Fedora's Infrastructure, so that in case there is a Man-in-the-middle attack, 
e.g. on an conference with free wifi, the regarding maintainers will be 
fooled.

Regards,
Till

Attachment: signature.asc
Description: This is a digitally signed message part.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]