[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: https://koji.fedoraproject.org is signed with an unknown certificate (extras64.linux.duke.edu)



Till Maas wrote:
Hello,

for two months there has been no progress on a security ticket:
https://hosted.fedoraproject.org/projects/fedora-infrastructure/ticket/88

https://koji.fedoraproject.org spits out an strange certificate instead of one signed by an well known CA, e.g. Equifax. Can maybe someone who reads here and did not notice this Security Bug fix this? In case there is no money available for this, then please use at least a certificate from cacerct.org instead of this imho nearly complete useless certificate. Also it is not very wise to educate users (Fedora maintainers) to accept bad certificates in Fedora's Infrastructure, so that in case there is a Man-in-the-middle attack, e.g. on an conference with free wifi, the regarding maintainers will be fooled.
This isn't actually causing any practical problems so I've been ignoring it. As far as man in the middle attack... someone will think they've submitted a build but haven't? either way I'll submit a purchase request for the cert now.

   -Mike


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]