Hello Lew,

Allow me to give you two answers:

Lazy (executive?) answer: if you want guarantees go with a commercial distro like SLES.

Not so lazy one: are you concerned about authoritative DNS highjacking just in time for the renewal?

Regards,

CI.

El dom., 25 de junio de 2023 16:18, Lew Wolfgang <wolfgang@sweet-haven.com> escribió:

Hi Folks,

I'm sure this isn't the right list for this question, but it will have
to do.

In downloading the Leap 15.5 ISO I noticed that the TLS cert is issued
by Let's Encrypt. This is rather concerning considering all the current
supply-chain security issues.

Does Let's Encrypt still use a one-step domain verification process? If
so, how can it really be trusted for something as important as an
operating system? How can we be sure we're not downloading malware without
strong domain verification of the source?

Regards,
Lew