[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] copyright/license to jetty-base/etc/keystore?
|
Hi,
On Fri, May 27, 2022 at 4:14 PM Bill Ross via jetty-users
<jetty-users@xxxxxxxxxxx> wrote:
>
> I forget if I made this file or got it as part of jetty,
>
> 3697 Aug 18 2018 jetty-base/etc/keystore
>
> and want to find out where it came from, and whether it's legal and makes sense to distribute it, plus whether/how it should be copyrighted and licensed.
>
> Any licensing experts who are curious, I'm using 'reuse lint' to sort out SPDX-style license-tracking for an AGPL project.
Given the KeyStore file name, you're probably using Jetty 9.4.x.
Please be aware that Jetty 9.4.x has reached the end of community
support, see https://github.com/eclipse/jetty.project/issues/7958.
The file is automatically copied from JETTY_HOME to JETTY_BASE when
you enable, for example, the "https" Jetty module (or any other Jetty
module that depends on it).
However, it may be that you have created this file yourself.
If it's created by Jetty, then it does not make sense to distribute
it, because it's a KeyStore file with a public password containing a
self-signed, likely expired, certificate for host "Jetty Server", so
it won't be good for any real usage.
Look inside with:
$ keytool -v -list -keystore jetty-base/etc/keystore
The KeyStore password is (it's already public and used throughout the
Jetty source code): storepwd
In Jetty 10 we create this file on-the-fly every time, but it's again
a self-signed certificate for "localhost", so again not good for any
real usage (just to get you started with https).
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
