**** BEGIN LOGGING AT Fri May 14 02:59:56 2021
May 14 10:18:35 <leon-anavi> hi, it looks like the SSL certificate on https://layers.openembedded.org/ has expired yesterday 13th May.
May 14 10:19:06 <leon-anavi> My web browser is complaining. Is there a scheduled renewal of the certificate?
May 14 14:01:56 <Crofton|cloud> halstead: ^^^
May 14 14:02:11 <Crofton|cloud> How good are we at package signing per this comment?
May 14 14:02:14 <Crofton|cloud> Can you guys do something about Linux package signing? Source package signatures are supposed to be validated by distros who build and provide as binaries, but binary package signing is uneven and rpm/apt/deb all end up relying only on repo key fingerprints and never actually check package signatures.
May 14 14:23:20 <Crofton|cloud> shoragan: any clues about the above question I got on linkedin?
May 14 14:24:56 <shoragan> Crofton|cloud, i've never used OE package feeds except during development
May 14 14:25:07 <Crofton|cloud> ok
May 14 14:25:28 <shoragan> also, i don't really see the issue with repo signing (which is what debian/apt uses)
May 14 14:25:38 <Crofton|cloud> I am poking at someone who shared the ecent presidential cyber order, lots of stuff about sw supply chain
May 14 14:26:11 <Crofton|cloud> I understand less than you
May 14 14:26:32 <shoragan> for normal distros it might be interesting if packages are built by different people. but in the end, you trust the distro not a single developer, so a distro-wide signature is fine
May 14 15:13:51 <halstead> leon-anavi, Crofton|cloud. I've reloaded the layerindex webserver.
May 14 15:14:06 <leon-anavi> thanks!
May 14 15:14:10 <Crofton|cloud> halstead: thanks
May 14 15:14:19 <Crofton|cloud> sorry to bother you so early
May 14 15:21:36 <halstead> No problem. Sorry the auto renewal & reload failed.
**** ENDING LOGGING AT Sat May 15 02:59:58 2021