Martin MC Brown wrote:
>
> On 9 Apr 2009, at 07:55, sunanda menon wrote:
>
> >>>As this means it's more for the test suite to run, do we feel the
> >>>need to provide this for OpenSolaris and SWS respectively, since
> >>>the user may or may not choose to install the test package.

Sunanda, what is the "this" in the "need to provide this" above?

> I appreciate that - I'm just stating that those files should be
> included in the test package, otherwise the tests will fail.

Those test certs/keys are already part of the SUNWmysql5test package.

> I do not understand what kind of security hole can be presented by
> providing sample security certificates as part of the tests. To use
> the certificates within a distribution you would have to explicitly
> add them to the default configuration file, and the necessary lines to
> enable them.

There's no problem including test certs/keys in the *test* package.

Now, remember the ARC case draft being reviewed in this thread is not
about the tests or the test package, so this talk of the test package
is offtopic.

The spec is about introducing SSL support for /usr/bin/mysql CLI. The
wording in the current draft mixes in the [entirely unrelated] test
package certs/keys and leads the reader to think that /usr/bin/mysql
uses cert & keys hardcoded into the source. As written, it implies the
SSL support is useless. Fortunately, that's not at all true, it is
only an error in the text of the spec. So that's what needs to be
corrected before the case can be filed.

> I'll be blunt and say that if users are stupid enough to use the
> certificates that we supply for testing to secure their MySQL servers,
> then the chances are they don't know what they are doing, and probably
> open themselves up for plenty of other security problems beyond using
> sample certificates.

Indeed! But that's not what the spec under review is about.

--
Jyri J. Virkki - jyri.virkki at sun.com - Sun Microsystems