Hey bright idea bringers!The Fedora Certificates issued by FAS are currently set to be autogenerated if you have an account in FAS. This has one drawback. We have to keep the password for the CA keys that sign the FAS certificates in a file on the filesystem so that the automatic signing can use them.
Has anyone else had to confront this problem? Right now I'm thinking of coding something that involves human interaction to sign the certs and send email notifying people when their cert is ready to download. That's certainly doable, but introduces a wait time that isn't in the current design. I'd love input on better ways to do this.
Description: OpenPGP digital signature