not sure if we care, but download.fp.o is using the plain fp.o https cert, not the wildcard cert. We only use download.fp.o to do redirects to (most likely non-https) mirrors, but it might still be good to be sure there's no MITM between user and our redirector. If so, we should be using the wildcard cert, yes?
Thanks, Matt
On 2008-10-04 04:40:31 PM, Matt Domsch wrote:
not sure if we care, but download.fp.o is using the plain fp.o https cert, not the wildcard cert. We only use download.fp.o to do redirects to (most likely non-https) mirrors, but it might still be good to be sure there's no MITM between user and our redirector. If so, we should be using the wildcard cert, yes?
That last puppet commit should get download.fp.o on the wildcard cert.
Thanks, Ricky
infrastructure@lists.fedoraproject.org