
Announcing https://GitHub.com/RedHatProductSecurity/Certificates-Shipped/ - e12e
http://seclists.org/oss-sec/2015/q4/374
======
e12e
Whole text (but this is just the start of the thread, click through to read a
handful of replies on the OSS-SEC list):

    
    
      Announcing https://github.com/RedHatProductSecurity
      /Certificates-Shipped/
      From: Kurt Seifried <kseifried () redhat com>
      Date: Tue, 24 Nov 2015 21:38:35 -0700
    
      [1] https://github.com/RedHatProductSecurity/
      Certificates-Shipped/
    
      The idea is to create a comprehensive list of
      shipped certs/keys/etc by open source
      vendors/distributions/projects so that:
    
      1) we have a list of secrets maintained by
      external parties that we rely upon
      2) we can audit them and make sure we
      should be trusting them
      3) also spot changes more easily (since the
      existing corpus is available)
    
      I'm guessing there are some surprises
      waiting for us.
    
      --
      Kurt Seifried -- Red Hat -- Product Security
      (...)
    

[1] Split to avoid long unbreakable line in pre-text-box on hn:

[https://github.com/RedHatProductSecurity/Certificates-Shippe...](https://github.com/RedHatProductSecurity/Certificates-Shipped/)

