Requests to create a repo in openbmc github

Requests to create a repo in openbmc github

[Alan Kuo (郭振維)]

[-- Attachment #1: Type: text/plain, Size: 470 bytes --]

Hi Brad:

This is Alan from Quanta Computer.
Quanta would like share a new feature to the OpenBMC community.

For improve security, we propose a daemon that generate a self-signed https certificate once the hostname is assigned.

The design guide is under review https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/38264
We would like to ask your help to create a repo named “phosphor-monitor-hostname” in OpenBMC github when it is approved.

Thanks,
Alan

[-- Attachment #2: Type: text/html, Size: 3065 bytes --]

Re: Requests to create a repo in openbmc github

[Patrick Williams]

[-- Attachment #1: Type: text/plain, Size: 856 bytes --]

Hello Alan.  We'll have a discussion in the docs review to see if this
fits better in an existing repository since it is a fairly minor
feature.

On Mon, Nov 16, 2020 at 03:21:25AM +0000, Alan Kuo (郭振維) wrote:
> For improve security, we propose a daemon that generate a self-signed https certificate once the hostname is assigned.

I don't think that any self-signed certificate does anything to improve
security.  Any self-signed certificate, even with a valid hostname, can
simply be forged.  Finding a self-signed certificate where the hostname
matches does not give you any additional confidence over a certificate
without a hostname.

It doesn't look like you put this wording into the doc, which is good,
but we should not have it anywhere in the code either because it gives a
false sense of security.

-- 
Patrick Williams

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]