[ocaml-infra] [opam-devel] expiration SSL certificate

Anil Madhavapeddy anil at recoil.org
Tue Sep 13 10:35:39 BST 2016


On 13 Sep 2016, at 10:31, Michael Grünewald <michipili at gmail.com> wrote:
> 
> 
>> On 13 Sep 2016, at 11:26, Anil Madhavapeddy <anil at recoil.org> wrote:
>> 
>> On 13 Sep 2016, at 10:15, Daniel Bünzli <daniel.buenzli at erratique.ch> wrote:
>>> 
>>> Had a look at this. It seems rather toyish at the moment and makes me wonder a bit about programmers building security infrastructure on top of libraries with obvious security risks...
>> 
>> Is there something specific in OCaml-Acme that worries you, or is this a general existential crisis about the state of software security that you are experiencing?
> 
> Could we relax a bit?  It’s only Tuesday. ;)

I'm perfectly relaxed, thank you. Daniel is pretty good at spotting fatal flaws in software, so I'd like to clarify his opinion before reconstructing our SSL infrastructure.

Xavier, it may be better just to renew with Gandi TLS for another year, to give us a bit more time to move over to a properly rotated Letsencrypt.org base over the course of the year.

regards,
Anil


More information about the Infrastructure mailing list