On Thu, Sep 22, 2022 at 08:13:53PM +0200, Ondřej Surý wrote: > I am sorry this has caused inconvenience for you, but the original problem > here was that the implicit inline-signing with the dnssec-policy was also > problematic and causing other problems, see the upstream issue: > https://gitlab.isc.org/isc-projects/bind9/-/issues/3381 > > Especially this: > https://gitlab.isc.org/isc-projects/bind9/-/issues/3381#note_308893
Sure, but that's not appropriate to change in a stable-security update. You can ask the SRMs whether it is applicable for a stable update (I would say no; the point of stable is that you know what issues you have and don't get new ones), but you cannot just put it into a security update unless they are positively required for the security issues in question. /* Steinar */ -- Homepage: https://www.sesse.net/