/etc/burp/clientconfdir/testclient contains a well known password (it's simmilar to the combination on my luggage).
So on installation I remove that file. An upgrade puts it back. That seems... unwise. The way I understand things anyone who can connect to the burp server can request a cert with that password for CN testclient and then force a backup run. Can we maybe not do that? Thanks, Florian -- I'm not entirely sure you are real.
