Tres Seaver wrote:
We also distribute a private key to be used for sftp.  (Shouldn't there
be a corresponding public key?)  This seems like a very bad idea too.

Keys should be generated inside '', never shipped.  We
should probably add scripts for (re)doing the generation, as well.

Well, mkzopeinstance doesn't enable ssl, so I don't think it
needs to do anything of the sort.  Aren't there already tools
for generating keys? Surely, we shouldn't have to provide them
ourselves.  My intuition is that people should have to learn
enough about ssl to use find and use existing tools to generate
ssl keys/certs before taking the responsibility for running an ssl


I didn't realize that we were shipping them at all.
Are the shipped certs part of Twisted?  In that case, we need to report
this as an upstream bug.

No, they are a part of zopeskel (another peeve of mine :).

BTW, are there tests of the HTTPS and SFTP support?

No se.  Remove the code and see what breaks ;).

Sounds like a good project for someone.

I have a feeling that it won't break any tests, in which case
it should be removed until someone is willing to take responsibilty
for it.


Jim Fulton           mailto:[EMAIL PROTECTED]       Python Powered!
CTO                  (540) 361-1714  
Zope Corporation
Zope3-dev mailing list

Reply via email to