On Thu, 2010-03-11 at 16:22 -0500, Paul Wouters wrote: > On Thu, 11 Mar 2010, Seth Vidal wrote: > > > And it will be impossible for users running the non-sha256 bind to > > communicate with the sha256 supporting arpa? > > > > I guess I don't understand what do the users of the existing bind LOSE? > > > > Is ARPA expecting everyone to upgrade to a sha256 supporting bind > > immediately? There's no migration window? > > If someone has dnssec enabled in bind including DLV, then the key will be > found and its use will be attempted. I am not sure what happens on an older > bind 9.6.1 when that happens. One will hope it will just continue to be > treated as "insecure" and not as "bogus" (aka servfail). I have not tested > this. > > But I understand your generic point. It's a feature so put it in rawhide/next > release. > > Paul If the case was that it would stop working badly, that falls under the type of update I listed that depends on external data providers. That type of update is allowed. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating
Attachment:
signature.asc
Description: This is a digitally signed message part
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
