Atm users and devs dont have a way to verify the checksums of the ssl cert. This should be documented somewhere like the ssh fingerprints.
Put it on your overlays project documentation somewhere.
Is it common to communicate SSL fingerprints? Personally I'd prefer a cert that is not signed by ourselves, i.e. bug #410569 :-)
1) I won't put it in the overlays docs 2) I plan to replace overlays.gentoo.org 3) what Sebastian said :P
Well.. we offer SSL for overlays.gentoo.org so we should somewhere list the fingerprint(s) so that the users can verify it.
Well, I still believe that the proper place for this is somewhere in infra docs, and not in overlays docs. For example, an infra doc that lists all of our certs/fingerprints, and not only the one of overlays.g.o. How about this?
Re-assigning to infra, I'll create such a doc
Our SSL certificates are issued by 'trusted' CAs now, I assume the need for fingerprints is no longer as urgent. Closing.