[Pulp-list] Pulp 2.6 vs 2.8 event notifier question

[Jeremy Cline]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/03/2016 12:16 PM, Michael Hrivnak wrote:
> That would be a simple fix to help avoid breaking compatibility for
> users on upgrade to 2.8. Regardless of what the ideal behavior
> should be, the current behavior in 2.8 is different and obviously
> incompatible with assumptions that users have made with previous
> versions.

My opinion is that it was a bug that we didn't verify the signature of
certificate offered and that while things obviously are breaking, they
are breaking because they are mis-configured and insecure.

Is there any reason to be configuring an event listener to POST to a
URL over HTTPS when you expressly *don't* want to be secure?

- -- 
Jeremy Cline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWsmSgAAoJEJIjMI+pskbbBlEP/jl5VQ9ECT69lhi+XqG2Cd8x
U82qQui4q27LG36oxtXAIKHvmERUprq4YZyIMbEf4PGZHR1HDHNzdLHhPD0BtYFD
EQgxhKO9u48kHm98muRGC7qetYZag8+jQJaOS/V1hkQNd5BRxZaT2iK57YvlM2fb
S0FR1whS/SWRvXgnQBMOdcoqaHP4RT2kwp5stCN0C2iwTE5FPdQXhmIXkQasc5Ic
cN2F5M12DMGOYxqXbCLb1S/CAEICI3OvbTzTh+LfWpqvofNxZ1JpPnYv1H3HkIZ8
/mDOwpMESHOvVHALV0jOEgR2J9SKiVrQscxWx5BOa7UT5UTl463GbrVvBlgPQT/m
tajq/H5GgHNDCyTUpmTKZeCKs0wmOtKnOE/2n3xbSbUIaWuTFFjGbUqwe5mxCfbd
+qhgRe5aSzE8T6LD9Ov/78sm/iU6hydDhuZbWUJlj31WhZAwcV9aHrTybApefUNx
T5wTVrwqtACbhIWiuxbsDY44H4IvNjBs/czTQvxHwKm1YW5SBJ6eTg7cd6lSK1ji
OrGfgTNeqehFCY1x6HvUVNggmAx+TorjOQNXPv0acid+aaQD/4Di+epZX7L5tcwc
xiTJZJ4D06GwvNNx+gVxgKdb5aHJaxiOTQM5PkALYUc7ckM1+73j49yQBGkVtREm
ifRM9MmhU3WrPNinQ5xI
=EkeK
-----END PGP SIGNATURE-----