From: Patrick Williams <patrick@stwcx.xyz>
To: "Alan Kuo (郭振維)" <Alan_Kuo@quantatw.com>
Cc: "benjaminfair@google.com" <benjaminfair@google.com>,
"openbmc@lists.ozlabs.org" <openbmc@lists.ozlabs.org>,
"ed@tanous.net" <ed@tanous.net>,
"bradleyb@fuzziesquirrel.com" <bradleyb@fuzziesquirrel.com>,
"rhanley@google.com" <rhanley@google.com>,
"ztai@google.com" <ztai@google.com>
Subject: Re: Requests to create a repo in openbmc github
Date: Mon, 16 Nov 2020 06:42:27 -0600 [thread overview]
Message-ID: <20201116124227.GC4495@heinlein> (raw)
In-Reply-To: <39e45d166da14a83a3fc0e63ea73f14c@quantatw.com>
[-- Attachment #1: Type: text/plain, Size: 856 bytes --]
Hello Alan. We'll have a discussion in the docs review to see if this
fits better in an existing repository since it is a fairly minor
feature.
On Mon, Nov 16, 2020 at 03:21:25AM +0000, Alan Kuo (郭振維) wrote:
> For improve security, we propose a daemon that generate a self-signed https certificate once the hostname is assigned.
I don't think that any self-signed certificate does anything to improve
security. Any self-signed certificate, even with a valid hostname, can
simply be forged. Finding a self-signed certificate where the hostname
matches does not give you any additional confidence over a certificate
without a hostname.
It doesn't look like you put this wording into the doc, which is good,
but we should not have it anywhere in the code either because it gives a
false sense of security.
--
Patrick Williams
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2020-11-16 12:45 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-16 3:21 Requests to create a repo in openbmc github Alan Kuo (郭振維)
2020-11-16 12:42 ` Patrick Williams [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201116124227.GC4495@heinlein \
--to=patrick@stwcx.xyz \
--cc=Alan_Kuo@quantatw.com \
--cc=benjaminfair@google.com \
--cc=bradleyb@fuzziesquirrel.com \
--cc=ed@tanous.net \
--cc=openbmc@lists.ozlabs.org \
--cc=rhanley@google.com \
--cc=ztai@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.