[Csync2] Feature/change suggestions
Wolfram Schlich
lists at wolfram.schlich.org
Sun Feb 17 12:24:16 CET 2008
* Clifford Wolf <clifford at clifford.at> [2008-02-16 18:55]:
> Hi,
Salut!
> On Sat, Feb 16, 2008 at 04:05:00PM +0100, Wolfram Schlich wrote:
> > now that csync2 maintainership has been handed over to Lars,
> > I have a few feature and change suggestions:
> >
> > 1. Make the paths to csync2_ssl_cert.pem and csync2_ssl_key.pem
> > configurable from within csync2.cfg
>
> chicken-egg problem: the config name is passed in the connection and then
> the config name is used to determine which configuration to use. at this
> time the ssl layer must be established already..
I see. Then what about additional command line parameters for cert and
key? Something like --ssl-cert + --ssl-key would be nice...
> > 2. Support binding to a specific local address for outgoing
> > connections (useful for a machine with multiple "service"
> > addresses of a single subnet)
> >
> > 3. Support POSIX ACLs and extended attributes (like rsync -AX)
> >
> > 4. Support peer certificate verification by checking the certificate
> > trust chain (against given CAs and CRLs) and comparing the
> > certificate CommonName with the peer hostname/FQDN, thus
> > making it possible to use a *real* PKI infrastructure instead
> > of just caching certificates and comparing checksums on subsequent
> > runs.
>
> yep. that features would be cool..
As I got it, Lars won't be implementing anything new and you aren't
interested either. Too bad :)
Lars, what about manpage extensions regarding undescribed
command line options, may I bother you with that?
--
Regards,
Wolfram Schlich <wschlich at gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
More information about the Csync2
mailing list