On Mon, 2025-05-26 at 09:53 -0400, Todd Zullinger wrote: > If so, it looks to be entirely optional: > > Our longer-lived certificates, which currently have a > lifetime of 90 days, will continue to be available > alongside our six-day offering. Subscribers will be able > to opt in to short-lived certificates via a certificate > profile mechanism being added to our ACME API. > > Very few, if any, home users will have a need for such short > lifetime certificates. > > Most non-home users won't need them either, if they're being > realistic about their attack surface. > > If you have it all fully automated, it shouldn't hurt to use > the shorter lifetime, but for the purposes being discussed > here, it _seems_ like a moot point. I'm not sure I believe in their automation ideas, at all (having read further into their website). If someone managed to hack into my (externally hosted) website and take it over, it'd continue updating the certificate under their control. But if I had to be the one updating the certificate, it wouldn't get automatically updated in my absence. -- uname -rsvp Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64 (yes, this is the output from uname for this PC when I posted) Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. -- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
