Hi Paul, all,
On Tue, Jun 29, 2021 at 1:40 AM Paul Wouters wrote:
>
> On Mon, 28 Jun 2021, Ben Cotton wrote:
>
> > https://fedoraproject.org/wiki/Change/DisableSHA1InOpenDNSSec
>
> > == Detailed Description ==
> >
> > OpenDNSSec changed the default behavior to not include SHA1 DS by
> > default,
https://fedoraproject.org/wiki/Change/DisableSHA1InOpenDNSSec
== Summary ==
OpenDNSSec' enforcer has a (deprecated) -sha1 CLI option that brings
back the old behavior, e.g. include the SHA1 version of the DS. As
SHA1 use is deprecated in favour of SHA256, disable the -sha1 CLI knob
so that it