@Manouchehri: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Hello @Manouchehri,

Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.

Per the Mattermost Contribution Guide, we need to add you to the list of approved contributors for the Mattermost project.

Please help complete the Mattermost contribution license agreement?
Once you have signed the CLA, please comment with /check-cla and confirm that the CLA check is green.

This is a standard procedure for many open source projects.

Please let us know if you have any questions.

We are very happy to have you join our growing community! If you're not yet a member, please consider joining our Contributors community channel to meet other contributors and discuss new opportunities with the core team.

/check-cla

Release Note

Use ai.moda's RFC3161 load balancer to improve build times.

@Manouchehri Thank you for your contribution.
Unfortunately we cannot use this endpoint for security reasons.

Erm, what security reasons...?

Our Security team rejected this for two reasons.

• This is an unknown server.
• We have zero information about the company that provides this server. Their website is not accessible (under construction) and there is no other information that we could collect.
  

I think those two are significant reasons not to proceed with this solution.
Thank you for your understanding

Ah, if your security team doesn't understand how TSAs and/or CAs work in general, then I can why they would mistakenly think either of those things matter.

You're currently accessing your TSA over HTTP... so if your security team believes they need to personally "trust" the TSA endpoint (instead of trusting the certificates it signs with), they've already screwed up.