On Thu, 18 Jun 2015, Dan Williams wrote:
The drawbacks I see to dnssec-trigger here are:
2) provides only HTTPS IPC, perhaps because it works on all platforms. But a Linux-only solution would typically use a unix socket or D-Bus and be secured by Unix or D-Bus permissions instead of using certificates.
Recenyly unbound was patched to allow a local socket so we don't have to go through HTTPS. This was merged upstream. A similar patch could be adopted for dnssec-triggerd and I see now reason why (the same) upstream would refuse it. Paul -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
