Maybe to state it a little more clearly: the dnssec-keymgr is for the automation of
creation and date management of keys.

All of the actual signing does not require the new python bit. If you're happy 
managing your keys with dnssec-keygen and dnssec-settime, you can continue 
using those (non-python) tools.

If you want to have a completely hands-off experience with automated key 
generation and rollover (without having to write your own wrappers), you might 
want to look into the new keymgr.

Stuart

> -----Original Message-----
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of
> Anand Buddhdev
> Sent: Friday, 31 May 2019 8:45 AM
> To: Dennis Clarke; bind-users@lists.isc.org
> Subject: Re: what is this python stuff in 9.11.7 ??
> 
> On 31/05/2019 00:21, Dennis Clarke wrote:
> 
> > Someone somewhere figured it made sense to drag in a dependency the size
> > of python?
> 
> The dnssec-keymgr and a couple of other utilities were introduced in
> 9.11.0. This is mentioned in the release notes. They are not new to
> 9.11.7.
> 
> > It must be a "soft" dependency as named itself seems to need :
> 
> Correct. The BIND daemon doesn't need python. It's only needed by some
> of the DNSSEC key management utilities. If you are not going to sign
> zones with BIND, you can safely build without python.
> 
> > But a massive brontosaurus lumbering in the size of Python?
> >
> > Did anyone discuss this in the open or was it a management decision to
> > be followed next by mono and C# and perhaps libbloatware.so.1 ??
> 
> There's no need to be so dramatic about this. Python isn't that big, and
> as I said above, you can safely build and run BIND without it if you
> don't want to sign zones with it.
> 
> Regards,
> Anand