Yeah, it's late. Sue me. On second thought, don't.

So I went to FUDCon. Nitin already posted his notes, which made me realize that I'd forgotten to use my camera again. I spent an inordinate amount of time getting a loaner from the office working on the wireless, so I was offline for large chunks of the weekend, which as it turned out, was fine.

I did get a bit more work done on the oddjob PolicyKit integration branch, as planned, but it's not quite where I want it to be to merge it to mainline (it's using APIs which are promised to be super-slow, which is less than optimal). As it happens, I haven't gotten back to it in the 2+ months since then.

The big event for me was the Func session. Func is made of awesome and excitement, but I had some concerns about how it used PKI. After quietly fretting about it, which I do far too much, Seth hunted me down and grilled me about it. In summary: certmaster doesn't quite do what the RFCs say a CA should do (mainly, revocation and basic constraints: in that certmaster didn't support them), and I think we generally agreed about that.

Part of this was due to not being able to create and add certain extensions to certificates via pyOpenSSL -- the code was there, but it had rotted as OpenSSL gained new APIs. A week or two later, I took another stab at it and filed a bug to at least get pyOpenSSL to provide a way to add extensions.