Stable Release Updates types proposal (was Re: Fedora Board Meeting Recap 2010-03-11)
Jesse Keating
jkeating at redhat.com
Thu Mar 11 21:46:32 UTC 2010
On Thu, 2010-03-11 at 16:22 -0500, Paul Wouters wrote:
> On Thu, 11 Mar 2010, Seth Vidal wrote:
>
> > And it will be impossible for users running the non-sha256 bind to
> > communicate with the sha256 supporting arpa?
> >
> > I guess I don't understand what do the users of the existing bind LOSE?
> >
> > Is ARPA expecting everyone to upgrade to a sha256 supporting bind
> > immediately? There's no migration window?
>
> If someone has dnssec enabled in bind including DLV, then the key will be
> found and its use will be attempted. I am not sure what happens on an older
> bind 9.6.1 when that happens. One will hope it will just continue to be
> treated as "insecure" and not as "bogus" (aka servfail). I have not tested
> this.
>
> But I understand your generic point. It's a feature so put it in rawhide/next
> release.
>
> Paul
If the case was that it would stop working badly, that falls under the
type of update I listed that depends on external data providers. That
type of update is allowed.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20100311/97545a89/attachment.bin
More information about the devel
mailing list