Comment 1 Robin Johnson 2010-05-25 20:50:29 UTC

Put it on your overlays project documentation somewhere.

Comment 2 Sebastian Pipping 2012-06-23 18:48:09 UTC

Is it common to communicate SSL fingerprints?  Personally I'd prefer a cert that is not signed by ourselves, i.e. bug #410569 :-)

Comment 3 Theo Chatzimichos (RETIRED) 2012-06-27 16:14:32 UTC

1) I won't put it in the overlays docs 2) I plan to replace overlays.gentoo.org 3) what Sebastian said :P

Comment 4 Christian Ruppert (idl0r) 2012-06-27 18:04:39 UTC

Well.. we offer SSL for overlays.gentoo.org so we should somewhere list the fingerprint(s) so that the users can verify it.

Comment 5 Theo Chatzimichos (RETIRED) 2012-06-27 18:42:53 UTC

Well, I still believe that the proper place for this is somewhere in infra docs, and not in overlays docs. For example, an infra doc that lists all of our certs/fingerprints, and not only the one of overlays.g.o. How about this?

Comment 6 Theo Chatzimichos (RETIRED) 2012-06-27 19:48:38 UTC

Re-assigning to infra, I'll create such a doc

Comment 7 Alex Legler (RETIRED) 2014-10-24 11:48:56 UTC

Our SSL certificates are issued by 'trusted' CAs now, I assume the need for fingerprints is no longer as urgent. Closing.