[CentOS-devel] CBS users : x509 user certificates expiring policy

Tue Jul 5 14:53:08 UTC 2016
Fabian Arrotin <arrfab at centos.org>

Due to some reports in #centos-devel on irc.freenode.net, we thought it
would be good to send a reminder at least on this list about the x509
cert/policy for cbs.centos.org :

If you have an account on https://accounts.centos.org and are an active
builder/developer using https://cbs.centos.org to build pkgs for one or
multiple SIGs, it's worth knowing that initially we had the ~6 months
validity period for certificates generated through ACO.

We documented the "Expired Certificate" error on the dedicated wiki page
(see
https://wiki.centos.org/HowTos/CommunityBuildSystem?#head-e81bf95796a59cbfd026a136f348f539b65cec8d)
but it seems some people forgot about it.

So this is just a reminder that you'd have to check if your cert is
still valid if you're using cbs.centos.org.

On our side, we're working on an automated email reminder that would be
sent to people having their certs expired or near expiring date. That
way you'll know that you just have to use centos-cert
(https://wiki.centos.org/HowTos/CentosPackager) to recreate a new cert
(and that step will automatically revoke the previous one)

If you have any questions, feel free to discuss this here or in
#centos-devel on irc.freenode.net


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20160705/1dfd984e/attachment-0007.sig>