On Wed, Feb 03, 2016 at 09:40:09AM -0500, Eric Helms wrote: > Not to be argumentative, but that seems like a cop out. I would think as a > user I should be able to provide you with the CA certificate that should be > used for verification for a given event notification. I realize this is a > deprecated feature and my intent is not to incur more work. However, I do > find value in having the right solution in place.
Isn't it the case that Katello is not in this situation? I.e., Katello has the power to install the ca trust for the call back? Also, it doesn't make sense to use https:// if you don't want trust to happen. TLS is for two things: trust and privacy, and you can't have privacy without trust. -- Randy Barlow irc: bowlofeggs
signature.asc
Description: PGP signature
_______________________________________________ Pulp-list mailing list Pulp-list@redhat.com https://www.redhat.com/mailman/listinfo/pulp-list