On Thu, 2010-03-11 at 16:22 -0500, Paul Wouters wrote:
> On Thu, 11 Mar 2010, Seth Vidal wrote:
> > And it will be impossible for users running the non-sha256 bind to
> > communicate with the sha256 supporting arpa?
> >
> > I guess I don't understand what do the users of the existing bind LOSE?
> >
> > Is ARPA expecting everyone to upgrade to a sha256 supporting bind
> > immediately? There's no migration window?
> If someone has dnssec enabled in bind including DLV, then the key will be
> found and its use will be attempted. I am not sure what happens on an older
> bind 9.6.1 when that happens. One will hope it will just continue to be
> treated as "insecure" and not as "bogus" (aka servfail). I have not tested
> this.
> But I understand your generic point. It's a feature so put it in rawhide/next
> release.
> Paul

If the case was that it would stop working badly, that falls under the
type of update I listed that depends on external data providers.  That
type of update is allowed.

Jesse Keating
Fedora -- FreedomĀ² is a feature!
identi.ca: http://identi.ca/jkeating

Attachment: signature.asc
Description: This is a digitally signed message part

devel mailing list

Reply via email to