On Friday, October 30, 2015 08:28:52 PM Florian Weimer wrote:
I think this issue exists because Fedora actually issues certificates to
packagers for submitting packages to the system thus a need for a common CA.
Okay, now that I've written that I really can't say that the argument makes
complete sense. I'll follow up with Infra and see what they can tell me WRT
encrypting all the things in a way that provides verified domain assurance.