On Thu, Jun 26, 2014 at 5:56 AM, Thomas Oulevey <thomas.oulevey@cern.ch> wrote:

Hi All,

The initial idea is to configure Koji and make it available to the
community.

Thanks to Karanbir/Fabian we already got the hardware and installation
is ongoing.

But first, we would like to ask for feedback:

1/ PKI setup, a proposal:
- koji-web uses a certificate signed by an external CA (and obviously
trusted)
- the rest of the koji architecture (hub and kojid) will use a
self-signed CA that we'll use to also generate other certs. The
proposal is to gpg encrypt the CA within a non-public Git repo.
Talking with Fabian, he already uses this method for other
infrastructure projects.
- the clients (at the beginning git.c.o) will use the self-signed CA.

This needs to be discussed in the light of future integration of
different user-facing tools (koji, git, etc.) and if we want to
provide koji client access, as the Fedora project does.

2/ Hostnames to use:
- After a round on #centos-devel, cbs.centos.org was the best we could
come up with. Comments?
- For the builder machines, we should decide on a decent naming as
this info appears in RPM metadata.
i.e.: builder01.cbs.centos.org, builder02.cbs.centos.org, etc.
Do we want to deal with different "architecture family" within the
name (e.g. ARM)?
i.e.: x86-builder01.cbs.centos.org, arm-builder01.cbs.centos.org

Your comments are very welcome!

cheers,


+1 on the PKI setup.

For the hostnames, I don't see a reason the architecture is needed in the hostname. 

-Jeff