http://bugzilla.spamassassin.org/show_bug.cgi?id=3573
------- Additional Comments From [EMAIL PROTECTED] 2004-07-07 15:58 ------- I think I might not understand the problem. Is it that there is something wrong with handing out a test key and cert, or that the test fails to cover problems that they may have with their own key and certificate? If it is the latter, I agree, but I would like to add coverage using their own key and certificate as another set of test patterns, and make it optional. Here is my rationale: The test key and certificate I generated are known to be good, with about 100 year expiration date. The certificate is clearly labeled as a test certificate with the embedded information being such that it could never be mistaken for a real one for production use. Using them, the test confirms that SSL works, letting us catch problems such as bug 3527 and bug 3569 on any build machine that has SSL libraries even when the builder is not set up with keys for using SSL for spamd/spamc in production. That's reason for having a test key and cert even we we then do more. For people who want to use spamd/spamc with SSL, adding the tests using their key and certificate is useful. Having both sets of tests isolates whether a problem is in SpamAssassin or in their certificate. People who do have a key and certificate may not be able to easily make the key available to the make test. The key file used in production is secret. Make test does not require root or other privileged access up to now, but running it with access to the real key file would require privileged access. I think that last argument is the clincher. I would like to avoid requiring running make test as root or other privileged userid. At same time someone should be able to test their own key and certificate. I'm not sure of the best compromise here. Perhaps we need some standalone test that is run as a privileged userid separate from all the rest of the regression tests? Ideas? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
