On Fri, May 10, 2024 at 03:44:35PM +0100, Luca Boccassi wrote: >On Fri, 10 May 2024 at 15:36, Steve McIntyre <st...@einval.com> wrote: >> On Fri, May 10, 2024 at 04:29:00PM +0200, Ansgar 🙀 wrote: >> >> >Maybe we should use a non-trusted cert for the initial setup and only >> >switch to a proper cert once everything is confirmed to be working as >> >expected? >> >> Hmmm, maybe? Luca? > >What do you mean precisely here? A DSA-managed cert used by FTP to >sign but that doesn't chain to the Debian CA? Or to do something >completely local to the systemd-boot package?
Exactly the former - we can use a test key for signing systemd-boot to start with. Once we're happy all round, we can switch to a cert in the chain. >I am fine with any approach that lets us move forward, if that needs >to be some intermediate testing stage that's fine by me. Cool. -- Steve McIntyre, Cambridge, UK. st...@einval.com Mature Sporty Personal More Innovation More Adult A Man in Dandism Powered Midship Specialty