[Csync2] csync2 and recent gnutls

Giampaolo Tomassoni g.tomassoni at libero.it
Tue Sep 22 10:45:30 CEST 2009


> > While at it...
> >
> > Rather than implementing yet again some web of trust between your
> > servers, I think it would be more useful to get rid of ssl in csync2,
> > replacing it with a "pipe mode" via some "tunnel" keyword in the config
> > file.  The $tunnel command would then be invoked with the peer name to
> > connect to, and "--" "/usr/sbin/csync2" (the second one possibly being a
> > (per-peer?) config parameter as well).
> >
> > For starters, I would be fine without the generic "tunnel" method, and
> > hardcode the only likely candidate, namely ssh, for some special command
> > line option.  For example tunnel="ssh -l root -o BatchMode=yes".
> >
> 
> While I agree that being able to use an arbitrary tunnel is a
> configuration advantage, please make sure that it really is generic --
> for a number of our installations, SSH would be impossible because we
> have very limited trust between the machines and have tightly bounded
> csync2 with SELinux.

Hi Dan,

please note that the patch has nothing to do with any improvement or added
feature: it is simply meant to fix a problem with recent versions of the
gnutls library.

The patched csync2 uses ssl anyway. My first concern is about compatibility
with existing csync2 clients and servers. So, if you could try it, you would
be welcome.

Cheers,

Giampaolo

> 
> Dan.
