BJ Cardon

Thanks for pinging me on this @cpu. I want to review this question/use case more thoroughly with some other internal folks and I'll get back with some better thoughts on...

I think it's reasonable to assume that any combination of the values is acceptable, but it's hard to understand why the clearly carefully thought out distinction of the other descriptions...

> With this in mind I'm pretty strongly in favour of reverting the lint as it exists now and re-working any bug fixes in a follow-up PR. I completely agree...

What data source would be used to compare this information to?

There are a number of lints that apply to simply producing a valid certificate according to the RFCs which would equally apply to code signing certs. Also, there is no...

I agree that this would be extremely rough for a project like zlint to manage. I can see the benefits of doing so (even for CSL information as well), but...

Regarding the issue mentioned here, doesn't (https://tools.ietf.org/html/rfc8399#section-2.4) override any previous RFC regarding subject fields and DN/DNS names in a cert? I think it does, and it reads: ``` Domain names...

I have to agree that any scenario that would return an Error (which impacts issuance) in a situation that is non-deterministic, the lint should be lowered to a Warning despite...

Thanks, Bryan. FWIW, we ended up switching to https://github.com/zmap/zlint for cert linting since that's one of the linters crt.sh uses, Boulder CA uses, and seems to stay the most up...

It's just in the other repo this one pivots from. https://github.com/appleboy/drone-jenkins/tree/master/docker