Package: src:dns-root-data Severity: wishlist root-anchors.xml (from IANA) contains validity window dates. So the package could effectively know when to add a new key or drop an old key well before it happens.
While we can perform such a drop by upgrading the dns-root-data package, getting the package to install at a specific time is probably impossible. Instead, we could ship all the files that we know about based on their transition times, and find some way to do an automated transition between those files. one idea: * ship a script which adjusts symlinks on the basis of the current date and invokes the dpkg triggers for the relevant file locations. * generate systemd timer units that invoke the script at the appropriate time. --dkg -- System Information: Debian Release: buster/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_WARN Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
