On Wed, 18 Nov 2020 13:22:50 +0100 "\(Berry\) A.W. van Halderen via Opendnssec-user" <[email protected]> wrote:
> Dear all, Hello Berry, > I've made a release candidate for a release of OpenDNSSEC (2.1.8rc1), > to fix an issue with the purging of keys from the HSM. Thank you very much for this new release. > To the key purge problem. Either when manually purging keys, or > having specified a <Purge> in your key policy (kasp.xml), the keys > are suppost to be removed from the HSM. However, for some time, the > keys were marked for deletion, and became invisible, but the removal > from the HSM was skipped. In this release candidate this is fixed, > but still allowing keys not to be removed entirely. When you specify > an automatic purge then the keys will, after the specified period, > will be completely removed. When you purge manually, keys are not > removed from the HSM unless you specify an additional flag (the > --delete or -d flag). A minor point for improvement, the enforcer/man/ods-enforcer.8.in file has not been updated to describe the --delete or -d flag. > Unless I get negative reports, I'll make a release from this fix after > a 1 or 2 weeks grace period. I'll continue testing the new release and will let you know if I find something else. -- Stefan Ubbink DNS & Systems Engineer Present: Mon, Tue, Wed, Fri SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands T +31 (0)26 352 55 00 https://www.sidn.nl
pgpCrIEejhrhs.pgp
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
