[Swan-dev] generating x509 certificates

D. Hugh Redelmeier hugh at mimosa.com
Tue Feb 3 20:11:32 EET 2015

| From: Antony Antony <antony at phenome.org>

| I am very suspicious of this change, removing the shell script and 
| adding the py to every make check, in haste. In the past me and others 
| spend a lot of time on dist_certs and py variant without satisfactory 
| result. So the switch is postponed.

Jumping in with my 2 cents:

I'd prefer that head of shared branches always work so we don't screw
up others.  (There is a limit to how much extra effort is worthwhile
for the last little bit of certainty.  A clean compile is my minimum
for "obviously correct" changes.)

On the other hand, we should be bold.  There is no other way to cut
down the jungle that has grown up around some things.

If the cert testing environment isn't reproducible in a
straightforward way, that is an urgent problem.

If there is code that appears never to be used, it should be deleted.
If it actually is being used, that should be sanctioned by
documentation (a howto kind of documentation).

"tests first" is a motto that I can read sidways to say that the most
important part of libreswan to get functional is the testing

Superstition must be eliminated.  Or at the very least documented

More information about the Swan-dev mailing list