Dear all, I've made a release candidate for a release of OpenDNSSEC (2.1.8rc1), to fix an issue with the purging of keys from the HSM. Since the nature of the operation I've opted to release it as a release candidate first. Another issue being fixed a bug causing a crash after not having run OpenDNSSEC in the midst of a ZSK when you're zone would have gone bogus already.
To the key purge problem. Either when manually purging keys, or having specified a <Purge> in your key policy (kasp.xml), the keys are suppost to be removed from the HSM. However, for some time, the keys were marked for deletion, and became invisible, but the removal from the HSM was skipped. In this release candidate this is fixed, but still allowing keys not to be removed entirely. When you specify an automatic purge then the keys will, after the specified period, will be completely removed. When you purge manually, keys are not removed from the HSM unless you specify an additional flag (the --delete or -d flag). Unless I get negative reports, I'll make a release from this fix after a 1 or 2 weeks grace period. The release candidate is available here: https://dist.opendnssec.org/source/testing/opendnssec-2.1.8rc1.tar.gz \Berry _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
