On 09/21/2011 01:00 PM, Tomas Mraz wrote: > You probably did not understand the meaning of "removing the ability for > disabling dnssec" in the Adam's e-mail. It is not meant to disable the > ability to not use of dnssec completely but that it should not be > possible to simply click away any failures to verify dnssec for domains > that are marked as that they should be validated by dnssec. Simply if a > domain is marked as dnssec enabled in the parent record then it must > have correct dnssec entries or it should not be accepted. Domains that > are not marked as dnssec enabled (that should be the default for admins > that are unable or unwilling to use dnssec on their domains) are not > affected in any way.
You are right I misunderstood him. By all means remove the users availability to simply click them selves away from that. JBG -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
