Re: https://pkgs.fedoraproject.org uses self-signed certificates?

Wednesday, 1 October 2014

On Wed, Oct 01, 2014 at 03:02:34PM +0300, Gilboa Davara wrote:
...
 When trying to download my package source files from
pkgs.fedoraproject.org
 I'm getting self-signed SSL certificates (see details below).
 While it's most likely a minor infrastructure issue, I'd suggest exercising
 caution when downloading sources from pkgs.fedoraproject.org.
 I've also sent an email to admin(a)fedoraproject.org. 
Take a look at https://fedorahosted.org/fedora-infrastructure/ticket/2324

The certificate in use is issued by Fedora's CA and the server cert can be
obtained via https with a publicly-signed cert at
https://admin.fedoraproject.org/accounts/fedora-server-ca.cert

As I understand it, this is directly verified by some of our infrastructure
which uses pkgs.fedoraproject.org, and although the ticket above outlines a
migration plan, it hasn't become a priority.

-- 
Matthew Miller
<mattdm(a)fedoraproject.org&gt;
Fedora Project Leader

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: https://pkgs.fedoraproject.org uses self-signed certificates?