oss-sec mailing list archives

Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/

From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 24 Nov 2015 21:38:35 -0700

https://github.com/RedHatProductSecurity/Certificates-Shipped/

The idea is to create a comprehensive list of shipped certs/keys/etc by
open source vendors/distributions/projects so that:

1) we have a list of secrets maintained by external parties that we rely
upon
2) we can audit them and make sure we should be trusting them
3) also spot changes more easily (since the existing corpus is available)

I'm guessing there are some surprises waiting for us.

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert () redhat com

Current thread:

Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried (Nov 24)
- Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Reed Loden (Nov 25)
  - Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried (Nov 25)
- Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Hanno Böck (Nov 25)
  - Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried (Nov 25)
    - Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Gsunde Orangen (Nov 25)
    - Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried (Nov 25)
    - Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Josh Matthews (Nov 30)
    - Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried (Nov 30)
    - Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Daniel Micay (Nov 30)
    - Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Gsunde Orangen (Nov 26)