self signed Cert

Florian Heigl florian.heigl at
Wed Jan 14 21:36:58 UTC 2015


I wonder if this has been brought up before but didn’t see anything about it.
The EU SVN mirror is running a selfsigned cert, while the US one is running with a public accepted cert.

The documentation has the fingerprint for the certificate, it can be found at:

Honestly it would be a lot easier to simply use a valid and public certificate for each of the SVN mirrors.
By now we should all have learned that any, really any slight chance of attack is being abused.

With a self signed cert we offload the problem to all users to actually verify the cert each time they do a fresh checkout. 
Even better, with a self-signed cert we won’t have any CRL support, right? Or is there a CRL provided for them?
(Disclaimer, mostly this depends on that feature “ever” being added to SVN anyway)

I hope this plea reaches the right set of eyes for consideration.
Since the SVN page asks to send any questions to -questions instead of mirrors/infra, i’m sending it here.

Please: ditch any self signed certs from freebsd source and build infra chain.

More information about the freebsd-questions mailing list