[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [XEN PATCH 3/4] automation: Remove expired root certificates used to be used by let's encrypt
- To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
- From: Anthony PERARD <anthony.perard@xxxxxxxxxx>
- Date: Thu, 16 Feb 2023 11:34:43 +0000
- Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>
- Delivery-date: Thu, 16 Feb 2023 11:35:47 +0000
- Ironport-data: A9a23:a4/akq2AMfM5cUdic/bD5eRxkn2cJEfYwER7XKvMYLTBsI5bp2RTn WpJC2nUM67ZazSnLtolOdjk8B8O7ZfXmIVrSwpqpC1hF35El5HIVI+TRqvS04F+DeWYFR46s J9OAjXkBJppJpMJjk71atANlVEliefTAOK6ULWeUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tq3qMDEULOf82cc3lk8tuTS93uDgNyo4GlD5gZnO6gS1LPjvyJ94Kw3dPnZw0TQGuG4LsbiL 87fwbew+H/u/htFIrtJRZ6iLyXm6paLVeS/oiI+t5qK23CulQRrukoPD9IOaF8/ttm8t4sZJ OOhF3CHYVxB0qXkwIzxWvTDes10FfUuFLTveRBTvSEPpqFvnrSFL/hGVSkL0YMkFulfOUNP3 uxfDSw2fBXeofDn3ZKgU7Jor5F2RCXrFNt3VnBIyDjYCbAtQIzZQrWM7thdtNsyrpkQR7CEP ZNfMGcxKk2aOHWjOX9OYH46tO6umnn4dSwesF+PrLA7y2PS0BZwwP7mN9+9ltmiFJoPzx3J+ D+uE2LRWA4iDfa1xCe8qWOprdbvs37jaKEQLejtnhJtqALKnTFCYPEMbnOguuWwgEO6X9NZK mQX9zAooKx081akJvHtUhv9rHOasxo0X9tLD/Z8+AyL0rDT4QuSGi4DVDEpQNcvrsMxSBQh3 0WFmN6vDjtq2JWcUX+H/62YhS+zMyMSa2QFYEc5oRAtuoe55ttp11SWE4glSfTu5jHoJd3u6 wiorQMuwJAPttwOioOprE3nmCv3orGcG2bZ+T7rdm6i6wp4YqusaIqp9UXX4J58EWqJcrWSl CNawpbDtYjiGbnIzXXQG7tVQNlF8t7faFXhbUhT847NHthH01qqZshu7T53Py+F2e5UKGayM Cc/Ve68jaK/3UdGj4ctP+pd6Oxwl8AM8OgJsdiFBueimrArKGe6ENhGPCZ8JVzFnkk2ir0YM pyGa8uqBntyIf05k2TqF7lFi+V6n3FWKYbvqXfTlUnP7FZjTCTNFedt3KWmMIjVE59oUC2Kq o0CZqNmOj1UUfHkYzm/zGLgBQliEJTPPriv85Y/XrfacmJb9JQJV6e5LUUJJ9Y0wMy4V47go hmAZ6Ov4Aan2SyccVzXNS4LhXGGdc8XkE/X9BcEZT6As0XPq671vM/zq7NfkWEbydFe
- Ironport-hdrordr: A9a23:Fq/oyqs9eQYUX5Q7AMYdrhxM7skDstV00zEX/kB9WHVpm6yj+v xG/c5rsCMc7Qx6ZJhOo7+90cW7L080lqQFg7X5X43DYOCOggLBQL2KhbGI/9SKIVycygcy78 Zdm6gVMqyLMbB55/yKnTVRxbwbsaW6GKPDv5ag8590JzsaD52Jd21Ce36m+ksdfnggObMJUK Cyy+BgvDSadXEefq2AdwI4t7iqnaysqHr+CyR2fiIa1A==
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Wed, Feb 15, 2023 at 04:14:53PM -0800, Stefano Stabellini wrote:
> On Wed, 15 Feb 2023, Andrew Cooper wrote:
> > Honestly, I think I'd prefer to drop all of these legacy versions...
>
> Good timing! It just so happens that we need to shave some of the old
> container tests as we have too many build tests on x86 :-)
>
> I would remove Jessie as it reached EOL years ago. Do we really need
> both Centos 7 and 7.2? If not, we could remove 7.
Actually, 7.2 is older than 7, so I would remove 7.2. (7 would be 7.x so
latest 7 which is 7.9.)
> That leaves us with Trusty and Centos 7.2 among these. I would be
> tempted to keep Trusty and add the sed hack of this patch to make it
> work. For Centos 7.2, the hack looks even worse. Would it solve the
> problem to upgrade to the latest Centos 7.x subrelease? Is there really
> no other way to solve the problem?
So for centos7, the blacklist of the expired root certificate isn't
needed if we simply run `yum update` which for some reason is missing
from the dockerfile...
Thanks,
--
Anthony PERARD
|
