-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi All, The initial idea is to configure Koji and make it available to the community. Thanks to Karanbir/Fabian we already got the hardware and installation is on going. But first, we would like to ask for feedback: 1/ PKI setup, a proposal: - - koji-web use a certificate signed by an external CA (and obviously trusted) - - the rest of the koji architecture (hub and kojid) will use a self-signed CA that we'll use to also generate other certs. The proposal is to gpg encrypt the CA within a non-public GIT repo. Talking with Fabian, he already use this method for other infrastructure project. - - the clients (at the beginning git.c.o) will use self-signed CA. This need to be discussed in the light of future integration of different user facing tools (koji, git, etc...) and if we want to provide koji client accesses, as Fedora project does. 2/ Hostnames to use: - - After a round on #centos-devel, cbs.centos.org was the best we can come up with. Comments ? - - For the builders machine, we should decide on a decent naming as this info appears in RPM metadata. i.e : builder01.cbs.centos.org, builder02.cbs.centos.org, etc... Do we want to deal with different "architecture family" within the name (e.g ARM) ? i.e : x86-builder01.cbs.centos.org, arm-builder01.cbs.centos.org Your comments are very welcome! cheers, - -- Thomas 'alphacc' Oulevey -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTrBiUAAoJEH2Wn86OP8Ni5xYH/jYyRN+gr6r8v8zih/yF7fOi INws9FC9+U+kP1r9Wsfg6Ge92uQJdX7t5G6Oom89ZcHoshVY685Cv647Es5ySkMP ls5NBXQu92l5QcXFOSP6gcThOyd7bO7Kh5onziULmIkdDWkEdz12kBPI2bVPQqwI JrZVTwvHSEN+5sVBccMKGYmiqFhs/qt12i/EaK2bvWCs/CRcrjyKJiHhlej3Zo+7 nSo8pwFCsq2T08FWfvnWYfjzFs8RmpFclBGakYRRyKk74TV63jKExqAL1zJGhaSF yZxYt8XZeXrv5fdxXtKzA0WL8rf3tKN0rRC/mMcQUo28OaN53Wxuzw/YCRnN0po= =2Hqy -----END PGP SIGNATURE-----