Your message dated Sun, 17 Nov 2024 21:05:36 +0100
with message-id <[email protected]>
and subject line Re: Bug#925349: src:dns-root-data: Should automate root key
transitions (at job? systemd timer?)
has caused the Debian Bug report #925349,
regarding src:dns-root-data: Should automate root key transitions (at job?
systemd timer?)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
925349: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925349
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: src:dns-root-data
Severity: wishlist
root-anchors.xml (from IANA) contains validity window dates. So the
package could effectively know when to add a new key or drop an old
key well before it happens.
While we can perform such a drop by upgrading the dns-root-data
package, getting the package to install at a specific time is probably
impossible.
Instead, we could ship all the files that we know about based on their
transition times, and find some way to do an automated transition
between those files.
One idea:
 * ship a script which adjusts symlinks on the basis of the current
   date and invokes the dpkg triggers for the relevant file locations.
 * generate systemd timer units that invoke the script at the
   appropriate time.
--dkg
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (200,
'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On Mar 23, Daniel Kahn Gillmor <[email protected]> wrote:
> root-anchors.xml (from IANA) contains validity window dates. So the
> package could effectively know when to add a new key or drop an old
> key well before it happens.
I checked with IANA: consumers of root-anchors.xml are supposed to use
all the records in it which are valid and not expired, even if they are
not yet in the root zone.
The next release of the package will do this indeed.
--
ciao,
Marco
--- End Message ---
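The selection rule discussed in this thread (use every root-anchors.xml record that is already valid and not expired), as an added example that is not part of the original messages or of the dns-root-data package. The function name, the sample ids, key tags and digests are constructed, and the file is assumed to have been authenticated before parsing.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample in the root-anchors.xml layout; ids, key tags and
# digests are made up and the file is assumed to be already authenticated.
SAMPLE = """<TrustAnchor id="EXAMPLE" source="constructed-sample">
<Zone>.</Zone>
<KeyDigest id="Kold" validFrom="2010-07-15T00:00:00+00:00" validUntil="2019-01-11T00:00:00+00:00">
<KeyTag>11111</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType>
<Digest>AAAA0001</Digest>
</KeyDigest>
<KeyDigest id="Kcur" validFrom="2017-02-02T00:00:00+00:00">
<KeyTag>22222</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType>
<Digest>BBBB0002</Digest>
</KeyDigest>
<KeyDigest id="Knew" validFrom="2024-07-18T00:00:00+00:00">
<KeyTag>33333</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType>
<Digest>CCCC0003</Digest>
</KeyDigest>
</TrustAnchor>"""

def _ts(value):
    """Parse an ISO 8601 attribute; treat a missing UTC offset as UTC."""
    dt = datetime.fromisoformat(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def usable_anchors(xml_text, now):
    """Return DS lines for every KeyDigest inside its validity window at `now`."""
    root = ET.fromstring(xml_text)
    zone = (root.findtext("Zone") or ".").strip()
    out = []
    for kd in root.iter("KeyDigest"):
        start, end = kd.get("validFrom"), kd.get("validUntil")
        if start is None or _ts(start) > now:
            continue  # not yet valid; a record without validFrom is skipped
        if end is not None and _ts(end) <= now:
            continue  # expired
        names = ("KeyTag", "Algorithm", "DigestType", "Digest")
        fields = [kd.findtext(n) for n in names]
        if None in fields:
            continue  # incomplete record, never emit a partial DS
        out.append(f"{zone} IN DS " + " ".join(f.strip() for f in fields))
    return out

if __name__ == "__main__":
    for line in usable_anchors(SAMPLE, datetime.now(timezone.utc)):
        print(line)
```

Because the window is evaluated against the clock at run time, a resolver-side job can call this on a schedule instead of waiting for a package upgrade.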