From matthijs at nlnetlabs.nl Wed Feb 1 14:43:43 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Wed, 01 Feb 2012 15:43:43 +0100 Subject: [Opendnssec-develop] Minutes of today's meeting Message-ID: <4F294F9F.1080806@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 https://wiki.opendnssec.org/display/OpenDNSSEC/2012-02-01+Minutes -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPKU+eAAoJEA8yVCPsQCW5d7MH/RegxkLeWkjk2Klzp3DWeafS dxt2eC37dgol0vZlJvpU3qe+wE7DK8BTSmGkic3Q7lcosCrstLHgP5LgCrUovsl5 B0kGBmUxgsLaXo3BkHukxcrtEqC9xEfz4iDW1uZwHVW64xpt25A7hI8S+oqB8LC4 wvEHsuVXGY+sddW01PBj+VBw42EM9FbOcGr0C59+pOGhE+LZQFMm4qorrFBidCI2 gazRIu5ViDMF7rgTphuOcyeSI97LaFlsMQv0nKViKkLLB+FE2xQ5/bIonMSa62AM c1TE75CAXhOwbnhMowAVZiDl/TyKgGR8VAoOyEs/JCG6xLnzGCNzISewralTMsU= =SeHM -----END PGP SIGNATURE----- From Roland.vanRijswijk at surfnet.nl Wed Feb 1 14:56:23 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Wed, 1 Feb 2012 15:56:23 +0100 Subject: [Opendnssec-develop] Database backends & build or run-time dependencies Message-ID: Hi Jerry, I read in today's minutes that you are proposing to make the database backend used by the Enforcer NG something that is decided in the configuration rather than at compile time. I have some issues with that since it would potentially require users to install unnecessary dependencies (e.g. they have to install sqlite3 if they just want to use mysql). May I propose an alternative solution? What if you separate out the database specific code into a shared library? That allows package maintainers to package separate database backends and gives users the option of only installing the backend they need. And I would still be in favour of making which backends are built a compile time option such that normally all backends are built but users can decide not to build one or more backends if they compile from source and are not interested in the other backends. Cheers, Roland -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From jerry at opendnssec.org Wed Feb 1 15:12:30 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 1 Feb 2012 16:12:30 +0100 Subject: [Opendnssec-develop] Re: Database backends & build or run-time dependencies In-Reply-To: References: Message-ID: On Feb 1, 2012, at 15:56 , Roland van Rijswijk wrote: > What if you separate out the database specific code into a shared library? That allows package maintainers to package separate database backends and gives users the option of only installing the backend they need. And I would still be in favour of making which backends are built a compile time option such that normally all backends are built but users can decide not to build one or more backends if they compile from source and are not interested in the other backends. Using a shared library is also doable. I've just brought this up with our package maintainers and we will see how the discussion goes. For compiling users this isn't really a problem since it would detect what backends are available / already installed. /Jerry -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From Roland.vanRijswijk at surfnet.nl Wed Feb 1 15:13:46 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Wed, 1 Feb 2012 16:13:46 +0100 Subject: [Opendnssec-develop] Re: Database backends & build or run-time dependencies In-Reply-To: References: Message-ID: <95555E07-070E-489F-B33F-D9CD8AFEA861@surfnet.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jerry, On 1 feb 2012, at 16:12, Jerry Lundstr?m wrote: > On Feb 1, 2012, at 15:56 , Roland van Rijswijk wrote: > >> What if you separate out the database specific code into a shared library? That allows package maintainers to package separate database backends and gives users the option of only installing the backend they need. And I would still be in favour of making which backends are built a compile time option such that normally all backends are built but users can decide not to build one or more backends if they compile from source and are not interested in the other backends. > > > Using a shared library is also doable. I've just brought this up with our package maintainers and we will see how the discussion goes. For compiling users this isn't really a problem since it would detect what backends are available / already installed. OK, excellent, looking forward to the outcome! Cheers, Roland - -- Roland M. van Rijswijk - -- SURFnet Middleware Services - -- t: +31-30-2305388 - -- e: roland.vanrijswijk at surfnet.nl -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQEcBAEBAgAGBQJPKVatAAoJELddXisbx14rvGoIAIyfz/P742EKqMB+YlWxLlZx MzPpiu/8muBxGAaOL8ZzlUHhvXELfqwv/D7Xtsbc02VIjXAafj5FUXCvh/ueiFsQ cIroWOpAZ8riBEndZGxM0x8NrxMr9/CwFeKtzb9cIVwJ3zfey8bD3IKa4B8X1Pjq psmrPAsNc2TrEz87DpzXwv5pYGMFzKVUlHs6qE8uo8/joQ28TyNKLDQv3nD28Nw+ WCHvcXtpSRitu9GJ+YvctNlljub+bGkKKfwaajE/R4lO4QtHAab8eXfTuniM0oiZ 6i1XAeq3NYtd+8qEjisGMLVidGzTKg3dKrwcPcbBbQcrWu1/qkg5KqWhXBtoOMw= =0qXB -----END PGP SIGNATURE----- From jerry at opendnssec.org Wed Feb 8 07:48:48 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 8 Feb 2012 08:48:48 +0100 Subject: [Opendnssec-develop] Jenkins status / Developing tests Message-ID: Hi, Yesterday I pushed the test framework to most branches and put up the jobs on Jenkins, you can view the different branches here: 1.3: https://jenkins.opendnssec.org/view/1.3/ EnforcerNG: https://jenkins.opendnssec.org/view/enforcer-ng/ trunk: https://jenkins.opendnssec.org/view/trunk/ 1.3 builds and tests on all platforms, trunk has a problem on OpenBSD that pselect() does not exist and Matthijs is working on a compat pselect(). Enforcer NG has a lot of problems building on *BSD, I have made some issues regarding that but more investigation needs to be done. Today I hope to finish making a HOWTO about developing tests locally and test them before committing. I have also thought about maybe having a telephone conference shared screen session where I could go through the framework, how to develop tests and deploy them so you can see and ask questions as they pop up, is that something anyone would be interested in ? Cheers, Jerry From AlexD at nominet.org.uk Wed Feb 8 07:56:21 2012 From: AlexD at nominet.org.uk (Alex Dalitz) Date: Wed, 8 Feb 2012 07:56:21 +0000 Subject: [Opendnssec-develop] Jenkins status / Developing tests In-Reply-To: References: Message-ID: > I have also thought about maybe having a telephone conference shared > screen session where I could go through the framework, how to develop > tests and deploy them so you can see and ask questions as they pop up, > is that something anyone would be interested in ? I think that's a great idea! Alex. From rickard at opendnssec.org Wed Feb 8 08:23:20 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Wed, 8 Feb 2012 09:23:20 +0100 Subject: [Opendnssec-develop] Jenkins status / Developing tests In-Reply-To: References: Message-ID: On Wed, Feb 8, 2012 at 8:56 AM, Alex Dalitz wrote: >> I have also thought about maybe having a telephone conference shared >> screen session where I could go through the framework, how to develop >> tests and deploy them so you can see and ask questions as they pop up, >> is that something anyone would be interested in ? > > I think that's a great idea! +1 From matthijs at nlnetlabs.nl Wed Feb 8 08:51:25 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Wed, 08 Feb 2012 09:51:25 +0100 Subject: [Opendnssec-develop] Jenkins status / Developing tests In-Reply-To: References: Message-ID: <4F32378D.5000908@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ack. You want to do that in a regular telephone meeting, or schedule an additional one for that? On 02/08/2012 09:23 AM, Rickard Bellgrim wrote: > On Wed, Feb 8, 2012 at 8:56 AM, Alex Dalitz wrote: >>> I have also thought about maybe having a telephone conference shared >>> screen session where I could go through the framework, how to develop >>> tests and deploy them so you can see and ask questions as they pop up, >>> is that something anyone would be interested in ? >> >> I think that's a great idea! > > +1 > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPMjeNAAoJEA8yVCPsQCW5otwH/1jRvUiPGxWfQPvbLdiBPbpG zdintGzafI48U/S/g/KRJ9pskK3sjbvTTMHjbQmYTYEeSqKzIX/SYwru9wHbLfAQ /ubpKOMCZUSiMeEbAm7vZiCWElrVc8Log3fMY4YXmnWRLhK0BWy0/6lCJ98fzi+F LS158bcJvQhnYpBjbu8tQ2QXaWppXUx4tACGll02yTlyb25WsMhgDa4OzHTrYmsB 0jm5Yl6n2ydWvKl/6taCF92pV/7mvHzs453j2Oq9pnMIaLe0WmnzuefH99n0xocV a8U+l9VBK+kgjDlN2z3noJcn2Q2VhCRK+upr3886sNFjvx1nZiKHrvQPRewnj5k= =2EvS -----END PGP SIGNATURE----- From jerry at opendnssec.org Wed Feb 8 09:17:08 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 8 Feb 2012 10:17:08 +0100 Subject: [Opendnssec-develop] Jenkins status / Developing tests In-Reply-To: <4F32378D.5000908@nlnetlabs.nl> References: <4F32378D.5000908@nlnetlabs.nl> Message-ID: On Wed, Feb 8, 2012 at 9:51 AM, Matthijs Mekking wrote: > Ack. You want to do that in a regular telephone meeting, or schedule an > additional one for that? Additional/separate, depending on the number of participants it might take 1 hour or 3. /Jerry From sion at nominet.org.uk Wed Feb 8 09:20:05 2012 From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=) Date: Wed, 8 Feb 2012 09:20:05 +0000 Subject: [Opendnssec-develop] Jenkins status / Developing tests In-Reply-To: References: <4F32378D.5000908@nlnetlabs.nl> Message-ID: <4F323E45.1070002@nominet.org.uk> On 08/02/12 09:17, Jerry Lundstr?m wrote: > On Wed, Feb 8, 2012 at 9:51 AM, Matthijs Mekking wrote: >> Ack. You want to do that in a regular telephone meeting, or schedule an >> additional one for that? > Additional/separate, depending on the number of participants it might > take 1 hour or 3. > > I think an additional one. We have enough to discuss in the usual meeting with the "can we release 1.4" question. Sion From Roland.vanRijswijk at surfnet.nl Thu Feb 9 08:53:41 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Thu, 9 Feb 2012 09:53:41 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon at 10:00h CET / 9:00h BST Message-ID: Hi all, Just a friendly reminder that we have an Enforcer NG telecon scheduled for today at 10:00h CET / 9:00h BST. Here are the conference details: Dial-in to +31-30-2040323 Conference PIN: 030003 Cheers, Roland -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From yuri at nlnetlabs.nl Thu Feb 9 09:07:09 2012 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Thu, 09 Feb 2012 10:07:09 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon at 10:00h CET / 9:00h BST In-Reply-To: References: Message-ID: <4F338CBD.3070309@nlnetlabs.nl> > Conference PIN: 030003 pin is invalid? -- Yuri Schaeffer NLnet Labs http://www.nlnetlabs.nl From Roland.vanRijswijk at surfnet.nl Thu Feb 9 09:17:59 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Thu, 9 Feb 2012 10:17:59 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon at 10:00h CET / 9:00h BST In-Reply-To: References: Message-ID: <24523716-C802-428D-A574-5331E4C307B0@surfnet.nl> Hi all, It seems the call did not make it into everybody's agenda, I would like to propose a new date & time: Thursday 23rd of February at 10:00h CET, 9:00h BST Can you let me know if you are available? Cheers, Roland On 9 feb. 2012, at 09:53, Roland van Rijswijk wrote: > Hi all, > > Just a friendly reminder that we have an Enforcer NG telecon scheduled for today at 10:00h CET / 9:00h BST. Here are the conference details: > > Dial-in to +31-30-2040323 > > Conference PIN: 030003 > > Cheers, > > Roland > > -- Roland M. van Rijswijk > -- SURFnet Middleware Services > -- t: +31-30-2305388 > -- e: roland.vanrijswijk at surfnet.nl > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From jerry at opendnssec.org Thu Feb 9 09:21:15 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 9 Feb 2012 10:21:15 +0100 Subject: [Opendnssec-develop] Jenkins status / Developing tests In-Reply-To: <4F323E45.1070002@nominet.org.uk> References: <4F32378D.5000908@nlnetlabs.nl> <4F323E45.1070002@nominet.org.uk> Message-ID: Hi all, How about 20th February 13.00 - 15.00 GMT / 14.00 - 16.00 CET ? Could share my screen out via Skype if that works with everyone or if someone has a better alternative? /Jerry From jerry at opendnssec.org Thu Feb 9 09:26:27 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 9 Feb 2012 10:26:27 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon at 10:00h CET / 9:00h BST In-Reply-To: <24523716-C802-428D-A574-5331E4C307B0@surfnet.nl> References: <24523716-C802-428D-A574-5331E4C307B0@surfnet.nl> Message-ID: Who should attend these teleconf's, everyone or just the people involved? Me, Rickard and Patrik are busy on the 23rd, its OpenDNSSEC course day 2 with an amazing 26 attendees! /Jerry On Thu, Feb 9, 2012 at 10:17 AM, Roland van Rijswijk wrote: > Hi all, > > It seems the call did not make it into everybody's agenda, I would like to propose a new date & time: > > Thursday 23rd of February at 10:00h CET, 9:00h BST > > Can you let me know if you are available? > > Cheers, > > Roland From Roland.vanRijswijk at surfnet.nl Thu Feb 9 09:28:43 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Thu, 9 Feb 2012 10:28:43 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon at 10:00h CET / 9:00h BST In-Reply-To: References: <24523716-C802-428D-A574-5331E4C307B0@surfnet.nl> Message-ID: <74D09403-DE70-4508-99FE-05538D25AE29@surfnet.nl> Hi Jerry, On 9 feb. 2012, at 10:26, Jerry Lundstr?m wrote: > Who should attend these teleconf's, everyone or just the people involved? > > Me, Rickard and Patrik are busy on the 23rd, its OpenDNSSEC course day > 2 with an amazing 26 attendees! Ah OK, well it would be helpful if Rickard & you - as people working on the task - would dial in ;-). How about Tuesday the 21st at 10:30h? Cheers, Roland -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From jerry at opendnssec.org Thu Feb 9 09:41:25 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 9 Feb 2012 10:41:25 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon at 10:00h CET / 9:00h BST In-Reply-To: <74D09403-DE70-4508-99FE-05538D25AE29@surfnet.nl> References: <24523716-C802-428D-A574-5331E4C307B0@surfnet.nl> <74D09403-DE70-4508-99FE-05538D25AE29@surfnet.nl> Message-ID: That week and the week before (next week that is) are pretty full booked right now for me. I can today and tomorrow, just didn't know about it today and that I was needed. /Jerry On Thu, Feb 9, 2012 at 10:28 AM, Roland van Rijswijk wrote: > Hi Jerry, > > On 9 feb. 2012, at 10:26, Jerry Lundstr?m wrote: > >> Who should attend these teleconf's, everyone or just the people involved? >> >> Me, Rickard and Patrik are busy on the 23rd, its OpenDNSSEC course day >> 2 with an amazing 26 attendees! > > > Ah OK, well it would be helpful if Rickard & you - as people working on the task - would dial in ;-). How about Tuesday the 21st at 10:30h? > > Cheers, > > Roland > > -- Roland M. van Rijswijk > -- SURFnet Middleware Services > -- t: +31-30-2305388 > -- e: roland.vanrijswijk at surfnet.nl > From Roland.vanRijswijk at surfnet.nl Thu Feb 9 09:52:01 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Thu, 9 Feb 2012 10:52:01 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon at 10:00h CET / 9:00h BST In-Reply-To: References: <24523716-C802-428D-A574-5331E4C307B0@surfnet.nl> <74D09403-DE70-4508-99FE-05538D25AE29@surfnet.nl> Message-ID: <7E679B7C-BA85-4E7D-9F40-A171AD53D7E2@surfnet.nl> Jerry, How about March 1st at 10:00h? Cheers, Roland On 9 feb. 2012, at 10:41, Jerry Lundstr?m wrote: > That week and the week before (next week that is) are pretty full > booked right now for me. > > I can today and tomorrow, just didn't know about it today and that I was needed. > > /Jerry > > On Thu, Feb 9, 2012 at 10:28 AM, Roland van Rijswijk > wrote: >> Hi Jerry, >> >> On 9 feb. 2012, at 10:26, Jerry Lundstr?m wrote: >> >>> Who should attend these teleconf's, everyone or just the people involved? >>> >>> Me, Rickard and Patrik are busy on the 23rd, its OpenDNSSEC course day >>> 2 with an amazing 26 attendees! >> >> >> Ah OK, well it would be helpful if Rickard & you - as people working on the task - would dial in ;-). How about Tuesday the 21st at 10:30h? >> >> Cheers, >> >> Roland >> >> -- Roland M. van Rijswijk >> -- SURFnet Middleware Services >> -- t: +31-30-2305388 >> -- e: roland.vanrijswijk at surfnet.nl >> -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From jerry at opendnssec.org Thu Feb 9 09:54:45 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 9 Feb 2012 10:54:45 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon at 10:00h CET / 9:00h BST In-Reply-To: <7E679B7C-BA85-4E7D-9F40-A171AD53D7E2@surfnet.nl> References: <24523716-C802-428D-A574-5331E4C307B0@surfnet.nl> <74D09403-DE70-4508-99FE-05538D25AE29@surfnet.nl> <7E679B7C-BA85-4E7D-9F40-A171AD53D7E2@surfnet.nl> Message-ID: On Thu, Feb 9, 2012 at 10:52 AM, Roland van Rijswijk wrote: > > How about March 1st at 10:00h? Works for me. /Jerry From yuri at nlnetlabs.nl Thu Feb 9 10:01:29 2012 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Thu, 09 Feb 2012 11:01:29 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon at 10:00h CET / 9:00h BST In-Reply-To: References: <24523716-C802-428D-A574-5331E4C307B0@surfnet.nl> <74D09403-DE70-4508-99FE-05538D25AE29@surfnet.nl> <7E679B7C-BA85-4E7D-9F40-A171AD53D7E2@surfnet.nl> Message-ID: <4F339979.7050807@nlnetlabs.nl> > How about March 1st at 10:00h? Works for me. -- Yuri Schaeffer NLnet Labs http://www.nlnetlabs.nl From Roland.vanRijswijk at surfnet.nl Thu Feb 9 10:06:32 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Thu, 9 Feb 2012 11:06:32 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon at 10:00h CET / 9:00h BST In-Reply-To: <24523716-C802-428D-A574-5331E4C307B0@surfnet.nl> References: <24523716-C802-428D-A574-5331E4C307B0@surfnet.nl> Message-ID: Hi all, March 1st at 10:00h CET / 9:00h BST seems to work better for some, so let's go for that date & time. Cheers, Roland On 9 feb. 2012, at 10:17, Roland van Rijswijk wrote: > Hi all, > > It seems the call did not make it into everybody's agenda, I would like to propose a new date & time: > > Thursday 23rd of February at 10:00h CET, 9:00h BST > > Can you let me know if you are available? > > Cheers, > > Roland > > On 9 feb. 2012, at 09:53, Roland van Rijswijk wrote: > >> Hi all, >> >> Just a friendly reminder that we have an Enforcer NG telecon scheduled for today at 10:00h CET / 9:00h BST. Here are the conference details: >> >> Dial-in to +31-30-2040323 >> >> Conference PIN: 030003 >> >> Cheers, >> >> Roland >> >> -- Roland M. van Rijswijk >> -- SURFnet Middleware Services >> -- t: +31-30-2305388 >> -- e: roland.vanrijswijk at surfnet.nl >> >> _______________________________________________ >> Opendnssec-develop mailing list >> Opendnssec-develop at lists.opendnssec.org >> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > > > -- Roland M. van Rijswijk > -- SURFnet Middleware Services > -- t: +31-30-2305388 > -- e: roland.vanrijswijk at surfnet.nl > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From yuri at nlnetlabs.nl Thu Feb 9 10:37:38 2012 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Thu, 09 Feb 2012 11:37:38 +0100 Subject: [Opendnssec-develop] enforcer-ng rules need some work Message-ID: <4F33A1F2.6060600@nlnetlabs.nl> Hi, FYI, careful review done by Wouter revealed a problem in the enforcer-ng set of rules. We've discussed it before but somewhere during the evolution of the model I believed it no longer to be a problem. (can't remember why) a simple example: We have 3 ZSKs A,B,C and all signatures of every key are fully propagated. A has its DNSKEY propagated. 1) we swap the DNSKEY from A and B. 2) now we change our mind and swap the DNSKEY B with C. This is still okay, validators have either [A|B|C] but the rules *could* conclude a chain can be build with [AC|BC] (instead of [ABC]) and thus prematurely stop publishing the signatures of one of [A|B] This potentially breaks stuff during unexpected rollovers. In my opinion this issue should be addressed before moving on to other release blockers. I can think of a couple solutions but so far none is satisfying. Also, I'm trying to track down why I believed this wasn't an issue any more. //yuri -- Yuri Schaeffer NLnet Labs http://www.nlnetlabs.nl From matthijs at nlnetlabs.nl Thu Feb 9 10:42:31 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Thu, 09 Feb 2012 11:42:31 +0100 Subject: [Opendnssec-develop] OpenDNSSEC 1.3.6 In-Reply-To: <4EC95F9B-4388-4E49-B9AB-712BE32A57C5@kirei.se> References: <243A18BE-D2AB-4087-9BF9-E7E578E1E372@nominet.org.uk> <4F16D086.7010302@nlnetlabs.nl> <27925F74-90A0-428F-A0C3-5C994FBA22CB@nominet.org.uk> <4EC95F9B-4388-4E49-B9AB-712BE32A57C5@kirei.se> Message-ID: <4F33A317.3070707@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Two more issues need to be closed, and then we can release. Jerry, can you take a look (being the reporter of the issues)? https://issues.opendnssec.org/browse/OPENDNSSEC-57 https://issues.opendnssec.org/browse/OPENDNSSEC-178 Best regards, Matthijs On 01/23/2012 10:38 AM, Jakob Schlyter wrote: > On 19 jan 2012, at 10:17, Rickard Bellgrim wrote: > >> On Wed, Jan 18, 2012 at 3:14 PM, Alex Dalitz >> wrote: >>>> But I think this is a real minor issue, surely not a blocking >>>> one. >>> >>> Agree absolutely! >> >> Ok, the we all agree that we can go ahead with the release. >> Jakob? > > it is done, please do your magic announce thing. > > jakob > > _______________________________________________ Opendnssec-develop > mailing list Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPM6MXAAoJEA8yVCPsQCW5k+kH/REpJ/B4/MQPCSeOu0+a7zSl 69MKENRDyGRekPhjF1iuODQAHN2PzXLBY0tDrBvztl9O0b9IhelGSk6h6XteHy0H qRXSuaVwQpJj3nf5k19Qsz9860esHlkoQbV0AMl2lqIvvicK2aoGdt38QNVOJKz1 Xbb89Q6XRwqCvEtJUtm9NYhbvuhI8TpvFCAPm+2/m/nbY4oFTY50pL39s229/5gp qVYFIhCTYDYcIaJrrPBUR5TKePRJX2hR3jIZq0rUgaVRGN3TmwSdF3p33/fB3AdM nhKTNcX4bA0LO8hh4qsZpKmYDcUQttGB3g8CIhLia1rA1GESeLaIzq9NLcFqBmM= =XuGC -----END PGP SIGNATURE----- From jerry at opendnssec.org Thu Feb 9 10:45:41 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 9 Feb 2012 11:45:41 +0100 Subject: [Opendnssec-develop] OpenDNSSEC 1.3.6 In-Reply-To: <4F33A317.3070707@nlnetlabs.nl> References: <243A18BE-D2AB-4087-9BF9-E7E578E1E372@nominet.org.uk> <4F16D086.7010302@nlnetlabs.nl> <27925F74-90A0-428F-A0C3-5C994FBA22CB@nominet.org.uk> <4EC95F9B-4388-4E49-B9AB-712BE32A57C5@kirei.se> <4F33A317.3070707@nlnetlabs.nl> Message-ID: Yes I will, Rickard has already nagged about this. Want to finish the documentations on making a local test first and I'm almost done. On Thu, Feb 9, 2012 at 11:42 AM, Matthijs Mekking wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Two more issues need to be closed, and then we can release. Jerry, can > you take a look (being the reporter of the issues)? > > https://issues.opendnssec.org/browse/OPENDNSSEC-57 > https://issues.opendnssec.org/browse/OPENDNSSEC-178 > > Best regards, > ?Matthijs > > On 01/23/2012 10:38 AM, Jakob Schlyter wrote: >> On 19 jan 2012, at 10:17, Rickard Bellgrim wrote: >> >>> On Wed, Jan 18, 2012 at 3:14 PM, Alex Dalitz >>> wrote: >>>>> But I think this is a real minor issue, surely not a blocking >>>>> one. >>>> >>>> Agree absolutely! >>> >>> Ok, the we all agree that we can go ahead with the release. >>> Jakob? >> >> it is done, please do your magic announce thing. >> >> jakob >> >> _______________________________________________ Opendnssec-develop >> mailing list Opendnssec-develop at lists.opendnssec.org >> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJPM6MXAAoJEA8yVCPsQCW5k+kH/REpJ/B4/MQPCSeOu0+a7zSl > 69MKENRDyGRekPhjF1iuODQAHN2PzXLBY0tDrBvztl9O0b9IhelGSk6h6XteHy0H > qRXSuaVwQpJj3nf5k19Qsz9860esHlkoQbV0AMl2lqIvvicK2aoGdt38QNVOJKz1 > Xbb89Q6XRwqCvEtJUtm9NYhbvuhI8TpvFCAPm+2/m/nbY4oFTY50pL39s229/5gp > qVYFIhCTYDYcIaJrrPBUR5TKePRJX2hR3jIZq0rUgaVRGN3TmwSdF3p33/fB3AdM > nhKTNcX4bA0LO8hh4qsZpKmYDcUQttGB3g8CIhLia1rA1GESeLaIzq9NLcFqBmM= > =XuGC > -----END PGP SIGNATURE----- > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From matthijs at nlnetlabs.nl Thu Feb 9 10:46:31 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Thu, 09 Feb 2012 11:46:31 +0100 Subject: [Opendnssec-develop] OpenDNSSEC 1.3.6 In-Reply-To: References: <243A18BE-D2AB-4087-9BF9-E7E578E1E372@nominet.org.uk> <4F16D086.7010302@nlnetlabs.nl> <27925F74-90A0-428F-A0C3-5C994FBA22CB@nominet.org.uk> <4EC95F9B-4388-4E49-B9AB-712BE32A57C5@kirei.se> <4F33A317.3070707@nlnetlabs.nl> Message-ID: <4F33A407.4060107@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ok, sorry for the double nagging. On 02/09/2012 11:45 AM, Jerry Lundstr?m wrote: > Yes I will, Rickard has already nagged about this. Want to finish > the documentations on making a local test first and I'm almost > done. > > On Thu, Feb 9, 2012 at 11:42 AM, Matthijs Mekking > wrote: Two more issues need to be closed, > and then we can release. Jerry, can you take a look (being the > reporter of the issues)? > > https://issues.opendnssec.org/browse/OPENDNSSEC-57 > https://issues.opendnssec.org/browse/OPENDNSSEC-178 > > Best regards, Matthijs > > On 01/23/2012 10:38 AM, Jakob Schlyter wrote: >>>> On 19 jan 2012, at 10:17, Rickard Bellgrim wrote: >>>> >>>>> On Wed, Jan 18, 2012 at 3:14 PM, Alex Dalitz >>>>> wrote: >>>>>>> But I think this is a real minor issue, surely not a >>>>>>> blocking one. >>>>>> >>>>>> Agree absolutely! >>>>> >>>>> Ok, the we all agree that we can go ahead with the >>>>> release. Jakob? >>>> >>>> it is done, please do your magic announce thing. >>>> >>>> jakob >>>> >>>> _______________________________________________ >>>> Opendnssec-develop mailing list >>>> Opendnssec-develop at lists.opendnssec.org >>>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > >>>> >> _______________________________________________ >> Opendnssec-develop mailing list >> Opendnssec-develop at lists.opendnssec.org >> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPM6QGAAoJEA8yVCPsQCW5e1AIANOKTGgojcbssTuO7++synyu XkGDNmM3IOLi8LBiuFCHJfxrAuZq54qyQHbaIeippySAGGsqi9Iw0PzloIJKQGL6 pwXdf0CR8ev9k0NU3uNx0NzbVxiR8yBKSrfQQOKKat7id5VwdvFb/PazNZV/1uaa g4zQDAmD9z+Y6yd33l4NhHa6PZcqoT/M+EY4TVebgWh/mI0B1bbQKQZAu8z7biXG Urom8Bti2HInbbBA44ZxypfdkYfGmSO6F+YzaHsVN13KdLxW4xdabjP3WABgjG3t Pwje0yIYg/axqNh22Bw/pPHMYku+NRTVSIlQfR8bV30YiK3Z/rOobmtiMLgpiKE= =Q2XT -----END PGP SIGNATURE----- From jerry at opendnssec.org Thu Feb 9 11:29:13 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 9 Feb 2012 12:29:13 +0100 Subject: [Opendnssec-develop] How To: Develop tests locally Message-ID: Hi, Just finished writing the documentation/wiki on how to develop tests locally, if anyone wants to have a look please do (spelling, grammar, understandable?, etc). https://wiki.opendnssec.org/display/OpenDNSSEC/HowTo+Develop+tests+locally Please note that the instructions won't work right now since I need to patch the framework and I'm working from home today and don't have access to my svn+ssh key. I will commit as soon as I can and reply on this thread when its done. /Jerry From rickard at opendnssec.org Fri Feb 10 09:52:48 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Fri, 10 Feb 2012 10:52:48 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon at 10:00h CET / 9:00h BST In-Reply-To: References: <24523716-C802-428D-A574-5331E4C307B0@surfnet.nl> Message-ID: Works for me On Thu, Feb 9, 2012 at 11:06 AM, Roland van Rijswijk wrote: > Hi all, > > March 1st at 10:00h CET / 9:00h BST seems to work better for some, so let's go for that date & time. > > Cheers, > > Roland > > On 9 feb. 2012, at 10:17, Roland van Rijswijk wrote: > >> Hi all, >> >> It seems the call did not make it into everybody's agenda, I would like to propose a new date & time: >> >> Thursday 23rd of February at 10:00h CET, 9:00h BST >> >> Can you let me know if you are available? >> >> Cheers, >> >> Roland >> >> On 9 feb. 2012, at 09:53, Roland van Rijswijk wrote: >> >>> Hi all, >>> >>> Just a friendly reminder that we have an Enforcer NG telecon scheduled for today at 10:00h CET / 9:00h BST. Here are the conference details: >>> >>> Dial-in to +31-30-2040323 >>> >>> Conference PIN: 030003 >>> >>> Cheers, >>> >>> Roland >>> >>> -- Roland M. van Rijswijk >>> -- SURFnet Middleware Services >>> -- t: +31-30-2305388 >>> -- e: roland.vanrijswijk at surfnet.nl >>> >>> _______________________________________________ >>> Opendnssec-develop mailing list >>> Opendnssec-develop at lists.opendnssec.org >>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop >> >> >> -- Roland M. van Rijswijk >> -- SURFnet Middleware Services >> -- t: +31-30-2305388 >> -- e: roland.vanrijswijk at surfnet.nl >> >> _______________________________________________ >> Opendnssec-develop mailing list >> Opendnssec-develop at lists.opendnssec.org >> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > > > -- Roland M. van Rijswijk > -- SURFnet Middleware Services > -- t: +31-30-2305388 > -- e: roland.vanrijswijk at surfnet.nl > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From jerry at opendnssec.org Fri Feb 10 13:52:27 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Fri, 10 Feb 2012 14:52:27 +0100 Subject: [Opendnssec-develop] Jenkins build mail reports Message-ID: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> Hi, Where do we want the build mails? Send it to the commit list or make a new one? /Jerry -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From rickard at opendnssec.org Mon Feb 13 07:27:06 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Mon, 13 Feb 2012 08:27:06 +0100 Subject: [Opendnssec-develop] Jenkins build mail reports In-Reply-To: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> References: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> Message-ID: > Where do we want the build mails? > > Send it to the commit list or make a new one? Commit list would be ok for me. // Rickard From rickard at opendnssec.org Tue Feb 14 08:22:02 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 14 Feb 2012 09:22:02 +0100 Subject: [Opendnssec-develop] Meeting today Message-ID: Hi everyone Sorry for sending the agenda a little bit late. The meeting is today at 14:00-15:00 CET, 13:00-14:00 GMT https://wiki.opendnssec.org/display/OpenDNSSEC/2012-02-14+Agenda // Rickard From jerry at opendnssec.org Tue Feb 14 08:27:04 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 14 Feb 2012 09:27:04 +0100 Subject: [Opendnssec-develop] Jenkins build mail reports In-Reply-To: References: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> Message-ID: Me want more comments!!! On Feb 13, 2012, at 08:27 , Rickard Bellgrim wrote: >> Where do we want the build mails? >> >> Send it to the commit list or make a new one? > > Commit list would be ok for me. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From rickard at opendnssec.org Tue Feb 14 08:31:29 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 14 Feb 2012 09:31:29 +0100 Subject: [Opendnssec-develop] enforcer-ng rules need some work In-Reply-To: <4F33A1F2.6060600@nlnetlabs.nl> References: <4F33A1F2.6060600@nlnetlabs.nl> Message-ID: > a simple example: We have 3 ZSKs A,B,C and all signatures of every key > are fully propagated. A has its DNSKEY propagated. > > 1) we swap the DNSKEY from A and B. > 2) now we change our mind and swap the DNSKEY B with C. > > This is still okay, validators have either [A|B|C] > but the rules *could* conclude a chain can be build with [AC|BC] > (instead of [ABC]) and thus prematurely stop publishing the signatures > of one of [A|B] > > This potentially breaks stuff during unexpected rollovers. > > In my opinion this issue should be addressed before moving on to other > release blockers. I can think of a couple solutions but so far none is > satisfying. Also, I'm trying to track down why I believed this wasn't an > issue any more. You mean that the "timer" for the removal of the signatures by A will start when B is being introduced and when we switch over to C the timer is not reset? The removal of the signatures by B should be treated correctly, right? Since that "timer" is only started once we move over to C. // Rickard From jerry at opendnssec.org Tue Feb 14 08:37:05 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 14 Feb 2012 09:37:05 +0100 Subject: [Opendnssec-develop] Meeting today In-Reply-To: References: Message-ID: <757BB918-18E5-4C6D-8780-DF6A056FAF51@opendnssec.org> On Feb 14, 2012, at 09:22 , Rickard Bellgrim wrote: > https://wiki.opendnssec.org/display/OpenDNSSEC/2012-02-14+Agenda Can we limit "Can we release" to only stable already release versions, its eating a lot of time from the meeting with all the others. There are a lot of things to discuss for 1.4, probably many issues still open. I think we should set aside a meeting of its own just for that. /Jerry -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Tue Feb 14 08:40:59 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 14 Feb 2012 09:40:59 +0100 Subject: [Opendnssec-develop] Jenkins status / Developing tests In-Reply-To: References: <4F32378D.5000908@nlnetlabs.nl> <4F323E45.1070002@nominet.org.uk> Message-ID: <70CB3EB2-2469-43EA-AEED-98B5B126F7D4@opendnssec.org> On Feb 9, 2012, at 10:21 , Jerry Lundstr?m wrote: > How about 20th February 13.00 - 15.00 GMT / 14.00 - 16.00 CET ? How about 27th February 13.00 - 15.00 GMT / 14.00 - 16.00 CET ? -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From sion at nominet.org.uk Tue Feb 14 08:46:29 2012 From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=) Date: Tue, 14 Feb 2012 08:46:29 +0000 Subject: [Opendnssec-develop] Jenkins build mail reports In-Reply-To: References: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> Message-ID: <4F3A1F65.8050300@nominet.org.uk> On 14/02/12 08:27, Jerry Lundstr?m wrote: > Me want more comments!!! > > On Feb 13, 2012, at 08:27 , Rickard Bellgrim wrote: > >>> Where do we want the build mails? >>> >>> Send it to the commit list or make a new one? >> Commit list would be ok for me. > I think that I'd prefer a separate list. From rickard at opendnssec.org Tue Feb 14 08:48:20 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 14 Feb 2012 09:48:20 +0100 Subject: [Opendnssec-develop] Meeting today In-Reply-To: <757BB918-18E5-4C6D-8780-DF6A056FAF51@opendnssec.org> References: <757BB918-18E5-4C6D-8780-DF6A056FAF51@opendnssec.org> Message-ID: > Can we limit "Can we release" to only stable already release versions, its eating a lot of time from the meeting with all the others. > > There are a lot of things to discuss for 1.4, probably many issues still open. I think we should set aside a meeting of its own just for that. The topic is last thing in the meeting. The stable release usually have the lowest version number, thus first in the list. I usually skip the unstable / unready versions if I see that there is to little time left or if the general feeling is that everyone knows what to do. It is however good to dive into the backlog of an unstable release just to get everything going. If there are any particular discussion topics for 1.4, then everyone are welcome to create an item on the agenda. // Rickard From matthijs at nlnetlabs.nl Tue Feb 14 08:52:05 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Tue, 14 Feb 2012 09:52:05 +0100 Subject: [Opendnssec-develop] Jenkins build mail reports In-Reply-To: <4F3A1F65.8050300@nominet.org.uk> References: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> <4F3A1F65.8050300@nominet.org.uk> Message-ID: <4F3A20B5.4040003@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/14/2012 09:46 AM, Si?n Lloyd wrote: > On 14/02/12 08:27, Jerry Lundstr?m wrote: >> Me want more comments!!! >> >> On Feb 13, 2012, at 08:27 , Rickard Bellgrim wrote: >> >>>> Where do we want the build mails? >>>> >>>> Send it to the commit list or make a new one? >>> Commit list would be ok for me. Commit list would work for me >> > > I think that I'd prefer a separate list. > _______________________________________________ Opendnssec-develop > mailing list Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPOiC1AAoJEA8yVCPsQCW5A60H/i0id8gpPJWG45cPgtji1H5Z GRhlMRmoRZzx2iaL/4ACprQuB37HIaIkdTlSB4cOgOqa++9bQwSv9lwRQGCaBNeH AVOf+gSipSxXQnJQfvcWVHQGztKC5gWEJozEMhyH6ZIVk+uxVTqPb37Gg2wGtoWa wPQrxWhqF7GxSGhVweU0C1pxHnK0UgSinqPY8GyOnWgp5kmKX9BzZtdmkDIEFFat wzmI1Z27X5/tE6a44vUV9MOj+JbMThvpcuCYAs1pXgn/R5y7WVHr0Fz4VptghfV5 1PbITcURxbdYG3bQYkSVLPlXaqAXgmbBRWqQFqh+UnW2dlCUUxiOFvVaY1/zB6A= =wlNT -----END PGP SIGNATURE----- From rickard at opendnssec.org Tue Feb 14 08:52:22 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 14 Feb 2012 09:52:22 +0100 Subject: [Opendnssec-develop] Jenkins status / Developing tests In-Reply-To: <70CB3EB2-2469-43EA-AEED-98B5B126F7D4@opendnssec.org> References: <4F32378D.5000908@nlnetlabs.nl> <4F323E45.1070002@nominet.org.uk> <70CB3EB2-2469-43EA-AEED-98B5B126F7D4@opendnssec.org> Message-ID: > How about 27th February 13.00 - 15.00 GMT / 14.00 - 16.00 CET ? Works for me // Rickard From matthijs at nlnetlabs.nl Tue Feb 14 08:52:58 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Tue, 14 Feb 2012 09:52:58 +0100 Subject: [Opendnssec-develop] Jenkins status / Developing tests In-Reply-To: <70CB3EB2-2469-43EA-AEED-98B5B126F7D4@opendnssec.org> References: <4F32378D.5000908@nlnetlabs.nl> <4F323E45.1070002@nominet.org.uk> <70CB3EB2-2469-43EA-AEED-98B5B126F7D4@opendnssec.org> Message-ID: <4F3A20EA.9050304@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/14/2012 09:40 AM, Jerry Lundstr?m wrote: > On Feb 9, 2012, at 10:21 , Jerry Lundstr?m wrote: > >> How about 20th February 13.00 - 15.00 GMT / 14.00 - 16.00 CET ? > > > How about 27th February 13.00 - 15.00 GMT / 14.00 - 16.00 CET ? > > -- Jerry Lundstr?m - OpenDNSSEC Developer > http://www.opendnssec.org/ > Both dates are fine by me -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPOiDqAAoJEA8yVCPsQCW5Sd8H+QFCBcWjZFatNPZHxwCWusBC zjOuWLNssUf3fz8qfgdpzH+igb61wwkf0o6DJ+rlvVNnM9bGnLLBKEwqHOwZAvMK gknDXrVoG54GvLu6o4bcPXV1n2F/wkKYBzrIfuDCbTzZHg/dsvTHxtCci+JlGRiF wQpUXZlhclwINwhHmKbZBEBfzIWgi4CQ3RUOQhKDRF5dixD0uch7xMHMp49Zwr1i z1GAufDrFej5BQboWLai1mTnV6HYXtmbgZnR6J1AutwSMWbA3GUIXncera5cZnVw q5Rj3FR1Wabwvry1kzmhUQ8pqo1UhaZWFbj9XNYBH/m9c+HT7EPq/HuCBMIJcf4= =+okm -----END PGP SIGNATURE----- From jerry at opendnssec.org Tue Feb 14 08:55:55 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 14 Feb 2012 09:55:55 +0100 Subject: [Opendnssec-develop] Meeting today In-Reply-To: References: <757BB918-18E5-4C6D-8780-DF6A056FAF51@opendnssec.org> Message-ID: <764B331C-FE82-408E-8258-74ED04F0E2D9@opendnssec.org> On Feb 14, 2012, at 09:48 , Rickard Bellgrim wrote: > The topic is last thing in the meeting. The stable release usually > have the lowest version number, thus first in the list. I usually skip > the unstable / unready versions if I see that there is to little time > left or if the general feeling is that everyone knows what to do. It > is however good to dive into the backlog of an unstable release just > to get everything going. But there will never be enough time to dive into all the backlog for the unstable releases, shouldn't we try to do that? There are also some 33 opened unscheduled issues? -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From matthijs at nlnetlabs.nl Tue Feb 14 08:57:17 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Tue, 14 Feb 2012 09:57:17 +0100 Subject: [Opendnssec-develop] enforcer-ng rules need some work In-Reply-To: References: <4F33A1F2.6060600@nlnetlabs.nl> Message-ID: <4F3A21ED.6060003@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/14/2012 09:31 AM, Rickard Bellgrim wrote: >> a simple example: We have 3 ZSKs A,B,C and all signatures of >> every key are fully propagated. A has its DNSKEY propagated. >> >> 1) we swap the DNSKEY from A and B. 2) now we change our mind and >> swap the DNSKEY B with C. >> >> This is still okay, validators have either [A|B|C] but the rules >> *could* conclude a chain can be build with [AC|BC] (instead of >> [ABC]) and thus prematurely stop publishing the signatures of one >> of [A|B] >> >> This potentially breaks stuff during unexpected rollovers. >> >> In my opinion this issue should be addressed before moving on to >> other release blockers. I can think of a couple solutions but so >> far none is satisfying. Also, I'm trying to track down why I >> believed this wasn't an issue any more. > > You mean that the "timer" for the removal of the signatures by A > will start when B is being introduced and when we switch over to C > the timer is not reset? > > The removal of the signatures by B should be treated correctly, > right? Since that "timer" is only started once we move over to C. That's one approach. But the issue is within the DNSSEC validity rules, and that does not include timing, the algorithm takes care of timing. The DNSSEC validity rules should contain a way to define a relation to key A and B, and B and C. This relation is transitive (so if A depends on B and B depends on C, A depends on C). Yuri is working on documenting this right now. Best regards, Matthijs > > // Rickard _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPOiHtAAoJEA8yVCPsQCW5ewIIAM0nAL0Q+b1j9y52OiYuW2/B nwvSxwGh67TX9ytuGJVBL4kUUunSZ5i+GovVKIsOJGIWEG3f0lIinJciIhb639fT gSvv4ZoeBO0V49l8pGmzmzBiSHL5fKHvnF/WZC+UtNacH8ISOG1NgrOEv/T6cP+f Al2HP9n+A6humuhLRbT5YbHn9BUvBp1Dd4Y+/MzfmN+pn+8/mCNjJTs1c8DIP4zU VQ1SDs3ng1zl+UZPQcY96yyo5LnyEK9vrY7RVDX1cPFB6vCUHIHvd+xbqDvRess5 Sk6bavFeGDuqqBBOYbUl3ekej/bxBlK4Be69b2WioRiSB+F3uX4ea/ZwUSa5KnE= =fwH8 -----END PGP SIGNATURE----- From rickard at opendnssec.org Tue Feb 14 08:59:40 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 14 Feb 2012 09:59:40 +0100 Subject: [Opendnssec-develop] Meeting today In-Reply-To: <764B331C-FE82-408E-8258-74ED04F0E2D9@opendnssec.org> References: <757BB918-18E5-4C6D-8780-DF6A056FAF51@opendnssec.org> <764B331C-FE82-408E-8258-74ED04F0E2D9@opendnssec.org> Message-ID: > But there will never be enough time to dive into all the backlog for the unstable releases, shouldn't we try to do that? > > There are also some 33 opened unscheduled issues? That usually happens at the physical meetings when we plan the future releases. But we could also try to schedule a telephone meeting for this. // Rickard From yuri at nlnetlabs.nl Tue Feb 14 09:07:20 2012 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Tue, 14 Feb 2012 10:07:20 +0100 Subject: [Opendnssec-develop] enforcer-ng rules need some work In-Reply-To: References: <4F33A1F2.6060600@nlnetlabs.nl> Message-ID: <4F3A2448.1080804@nlnetlabs.nl> > You mean that the "timer" for the removal of the signatures by A will > start when B is being introduced and when we switch over to C the > timer is not reset? No because, there is no such timer, and it is not a timing issue. It is a dependency issue. Having "a good ZSK" could rely on n keys. The current rules just cover the 1 and 2 case. If we want to support the >2 case we also must include an ordering in keys. > The removal of the signatures by B should be treated correctly, right? > Since that "timer" is only started once we move over to C. No. the system could now conclude only A and C are needed for a proper ZSK. Thus the signatures of B are no longer necessary even though the dnskey is still out in the wild. This is a problem, since there could be caches with only B in the dnskeyset. Matthijs and I had a couple of lengthy discussions and believe we have found a elegant and fitting solution yesterday. The idea is simple. Let A,B,C be records of different keys. If A can go to Unretentive only because B is in Rumoured. We administer a relation between A and B. B cannot go to Unretentive as long as A relies on it. Having C in Rumoured enables B to go to Unretentive anyway as long as we administer a relation between B and C. Now, declaring that relation transitive we can derive that A relies on B AND C. The notation is a bit harder, I'm still working on that. We have one that covers everything. But I am not convinced (yet) that it isn't a complex way of saying something simple. I'll post it here later today. -- Yuri Schaeffer NLnet Labs http://www.nlnetlabs.nl From yuri at nlnetlabs.nl Tue Feb 14 09:15:29 2012 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Tue, 14 Feb 2012 10:15:29 +0100 Subject: [Opendnssec-develop] Jenkins status / Developing tests In-Reply-To: <70CB3EB2-2469-43EA-AEED-98B5B126F7D4@opendnssec.org> References: <4F32378D.5000908@nlnetlabs.nl> <4F323E45.1070002@nominet.org.uk> <70CB3EB2-2469-43EA-AEED-98B5B126F7D4@opendnssec.org> Message-ID: <4F3A2631.9080805@nlnetlabs.nl> >> How about 20th February 13.00 - 15.00 GMT / 14.00 - 16.00 CET ? > How about 27th February 13.00 - 15.00 GMT / 14.00 - 16.00 CET ? Both work. -- Yuri Schaeffer NLnet Labs http://www.nlnetlabs.nl From yuri at nlnetlabs.nl Tue Feb 14 09:27:33 2012 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Tue, 14 Feb 2012 10:27:33 +0100 Subject: [Opendnssec-develop] Jenkins build mail reports In-Reply-To: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> References: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> Message-ID: <4F3A2905.2080502@nlnetlabs.nl> > Where do we want the build mails? Commit list sounds like a good place for more computer generated spam. I would use both as a reference. But not something to actively keep up with. I would personally only really be interested in a mail send directly to *me* when I just broke the build with *my* commit. This mail would of course use strong faul language and maybe a threat or two. -- Yuri Schaeffer NLnet Labs http://www.nlnetlabs.nl From jerry at opendnssec.org Tue Feb 14 09:33:09 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 14 Feb 2012 10:33:09 +0100 Subject: [Opendnssec-develop] Jenkins build mail reports In-Reply-To: <4F3A2905.2080502@nlnetlabs.nl> References: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> <4F3A2905.2080502@nlnetlabs.nl> Message-ID: On Feb 14, 2012, at 10:27 , Yuri Schaeffer wrote: > I would personally only really be interested in a mail send directly to > *me* when I just broke the build with *my* commit. This mail would of > course use strong faul language and maybe a threat or two. That I can do, wonder if fortune has an insult module. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From sion at nominet.org.uk Tue Feb 14 14:25:28 2012 From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=) Date: Tue, 14 Feb 2012 14:25:28 +0000 Subject: [Opendnssec-develop] Meeting today In-Reply-To: References: Message-ID: <4F3A6ED8.5030705@nominet.org.uk> On 14/02/12 08:22, Rickard Bellgrim wrote: > Hi everyone > > Sorry for sending the agenda a little bit late. The meeting is today > at 14:00-15:00 CET, 13:00-14:00 GMT > > https://wiki.opendnssec.org/display/OpenDNSSEC/2012-02-14+Agenda > > // Rickard > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop Minutes are now up: https://wiki.opendnssec.org/display/OpenDNSSEC/2012-02-14+Minutes Sion From rickard at opendnssec.org Tue Feb 14 14:36:35 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 14 Feb 2012 15:36:35 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.6 Message-ID: Hi We are now ready to go ahead with the release of OpenDNSSEC 1.3.6. Jakob, could you release the tar-ball? // Rickard From rickard at opendnssec.org Tue Feb 14 14:58:47 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 14 Feb 2012 15:58:47 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.4.0a1 Message-ID: Hi During the meeting today we said the we wanted to release an alpha version of 1.4.0. We still have some things to fix before this can be done. We need to decide on how to write message in the NEWS-file. What do you think? Should it be: OpenDNSSEC-XX: Component: Some text about the bugfix or feature. Component: Some text about the bugfix or feature (OpenDNSSEC-XX) State that the backup files cannot be handled in this release. What else? // Rickard From jerry at opendnssec.org Tue Feb 14 15:18:57 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 14 Feb 2012 16:18:57 +0100 Subject: [Opendnssec-develop] Jenkins build mail reports In-Reply-To: References: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> <4F3A2905.2080502@nlnetlabs.nl> Message-ID: <098E656D-B8CC-49B6-AB2F-44F46270FC4B@opendnssec.org> Hi, I will send a meeting invite from my IIS(.SE) address to Alex, Matthijs, Nick, Rickard, Sion and Yuri for the 27th. If anyone else wants to join or you forward it please let me know! /Jerry -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From matthijs at nlnetlabs.nl Tue Feb 14 15:23:30 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Tue, 14 Feb 2012 16:23:30 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.4.0a1 In-Reply-To: References: Message-ID: <4F3A7C72.7080203@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/14/2012 03:58 PM, Rickard Bellgrim wrote: > Hi > > During the meeting today we said the we wanted to release an alpha > version of 1.4.0. We still have some things to fix before this can > be done. > > We need to decide on how to write message in the NEWS-file. What > do you think? Should it be: OpenDNSSEC-XX: Component: Some text > about the bugfix or feature. Component: Some text about the bugfix > or feature (OpenDNSSEC-XX) So far, I have been trying: OpenDNSSEC-XX: Component: Bla bla. > State that the backup files cannot be handled in this release. > > What else? I am going: * through the build warnings. * to verify that all jenkins jobs for trunk are happy. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPOnxyAAoJEA8yVCPsQCW5nokIAKKcBBbCk3p6bBsFl/cpmekW cMEyeGIkdupNpuYa6y2vzTtaRHGduqeXP+turj/wgIXqP92IB+/tGocFwhXgfzkF qM3//ERDU7jeTSDv2dc7kzwbh5CXjC+rX21JShx74gBi5aM08B6yiEbz9YSqcphs vwG7mP+oIWSDAD9cnAWE5gFHq+1VjYRIo1+Su+Cdm3F5dTOXGE8EoqGdi6lGtS2q XlKr4OS+pltxwT9WQ/DmBo32SnVT/WQU7GW+5HB6HV/kEBssGNkzdpd9nmkzdjiO y0W8gNyY5CIJgNX2R/VuRmVNWavKndtnMMHmd6HYEJTKywGzgkFwf+Wv/6P5tys= =t5iJ -----END PGP SIGNATURE----- From sion at nominet.org.uk Tue Feb 14 15:45:29 2012 From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=) Date: Tue, 14 Feb 2012 15:45:29 +0000 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.4.0a1 In-Reply-To: <4F3A7C72.7080203@nlnetlabs.nl> References: <4F3A7C72.7080203@nlnetlabs.nl> Message-ID: <4F3A8199.9050307@nominet.org.uk> On 14/02/12 15:23, Matthijs Mekking wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 02/14/2012 03:58 PM, Rickard Bellgrim wrote: >> Hi >> >> During the meeting today we said the we wanted to release an alpha >> version of 1.4.0. We still have some things to fix before this can >> be done. >> >> We need to decide on how to write message in the NEWS-file. What >> do you think? Should it be: OpenDNSSEC-XX: Component: Some text >> about the bugfix or feature. Component: Some text about the bugfix >> or feature (OpenDNSSEC-XX) > So far, I have been trying: OpenDNSSEC-XX: Component: Bla bla. I'm sure I've not been consistent... As it is a (nearly) fixed width component I think that having it first is good. Should we try to do the same in commit messages too? Sion From jerry at opendnssec.org Wed Feb 15 08:07:20 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 15 Feb 2012 09:07:20 +0100 Subject: [Opendnssec-develop] Jenkins build mail reports In-Reply-To: References: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> <4F3A2905.2080502@nlnetlabs.nl> Message-ID: Hi, Build mails will be sent to the commit list and to the committing user if the build breaks. " Jenkins will send out an e-mail to the specified recipients when a certain important event occurs. - Every failed build triggers a new e-mail. - A successful build after a failed (or unstable) build triggers a new e-mail, indicating that a crisis is over. - An unstable build after a successful build triggers a new e-mail, indicating that there's a regression. - Unless configured, every unstable build triggers a new e-mail, indicating that regression is still there. " /Jerry From jerry at opendnssec.org Wed Feb 15 08:10:41 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 15 Feb 2012 09:10:41 +0100 Subject: [Opendnssec-develop] Jenkins build mail reports In-Reply-To: References: <67B04C81-690D-44ED-B7F3-CD9D2DDA0306@opendnssec.org> <4F3A2905.2080502@nlnetlabs.nl> Message-ID: The sender will be jenkins at opendnssec.org btw. /Jerry From jakob at kirei.se Thu Feb 16 21:28:21 2012 From: jakob at kirei.se (Jakob Schlyter) Date: Thu, 16 Feb 2012 22:28:21 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.6 In-Reply-To: References: Message-ID: tagged and bagged. jakob From jerry at opendnssec.org Fri Feb 17 16:16:16 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Fri, 17 Feb 2012 17:16:16 +0100 Subject: [Opendnssec-develop] Changes to testing framework Message-ID: Hi, I have made some changes to the testing framework that I haven't documented yet, will on monday. @PARAMETER@ can be used in most conf files kept in the test directory and will be substituted on installation. Currently @INSTALL_ROOT@ and @SOFTHSM_MODULE@ can be used. You don't need to run ods_reset_env at the start of the test, that is done automatically. You should end your failed test with ods_kill instead of ods-control stop. /Jerry -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Fri Feb 17 17:03:31 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Fri, 17 Feb 2012 18:03:31 +0100 Subject: [Opendnssec-develop] Re: Changes to testing framework In-Reply-To: References: Message-ID: <8394282986270598193@unknownmsgid> Yes I broke stuff, fix tomorrow. /Jerry On 17 feb 2012, at 17:16, "Jerry Lundstr?m" wrote: > Hi, > > I have made some changes to the testing framework that I haven't documented yet, will on monday. > > @PARAMETER@ can be used in most conf files kept in the test directory and will be substituted on installation. Currently @INSTALL_ROOT@ and @SOFTHSM_MODULE@ can be used. > > You don't need to run ods_reset_env at the start of the test, that is done automatically. > > You should end your failed test with ods_kill instead of ods-control stop. > > /Jerry > > -- > Jerry Lundstr?m - OpenDNSSEC Developer > http://www.opendnssec.org/ > From jerry at opendnssec.org Sat Feb 18 13:47:14 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Sat, 18 Feb 2012 14:47:14 +0100 Subject: [Opendnssec-develop] Re: Changes to testing framework In-Reply-To: <8394282986270598193@unknownmsgid> References: <8394282986270598193@unknownmsgid> Message-ID: I have turned off email notifications for now, I'm not happy with the way it sends them. Also the tests fails now on trunk because I developed the tests for 1.3 they did not work for trunk, will fix this on monday. /Jerry From jerry at opendnssec.org Tue Feb 21 09:15:37 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 21 Feb 2012 10:15:37 +0100 Subject: [Opendnssec-develop] Re: Changes to testing framework In-Reply-To: References: Message-ID: <38A7CD80-F0A7-4F37-85C2-DC5C2936D3EA@opendnssec.org> On Feb 17, 2012, at 17:16 , Jerry Lundstr?m wrote: > You don't need to run ods_reset_env at the start of the test, that is done automatically. This will be reverted because trunk tests need to run it and expect it to fail, thats what happened to 10-040-odscc10t40 test case. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From rickard at opendnssec.org Mon Feb 27 09:01:55 2012 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Mon, 27 Feb 2012 10:01:55 +0100 Subject: [Opendnssec-develop] Meeting 20120228 Message-ID: Hi We have a meeting tomorrow. Date: Tuesday 28 February Time: 14:00-15:00 CET, 13:00-14:00 GMT Agenda: https://wiki.opendnssec.org/display/OpenDNSSEC/2012-02-28+Agenda // Rickard From Roland.vanRijswijk at surfnet.nl Mon Feb 27 09:15:04 2012 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Mon, 27 Feb 2012 10:15:04 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon 20120301 @10:00h CET, 9:00h BST Message-ID: <7FDC2785-C3B5-417A-BBA6-3DE10E718D45@surfnet.nl> Hi all, Just a friendly reminder that we have an Enforcer NG telecon scheduled for Thursday (March 1st) at 10:00h CET / 9:00h BST. Here are the conference details: Dial-in to +31-30-2040323 Conference PIN: 030003 Cheers, Roland -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From jerry at opendnssec.org Mon Feb 27 09:59:14 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Mon, 27 Feb 2012 10:59:14 +0100 Subject: [Opendnssec-develop] Test framework live demo today 14:00 - 16:00 CET Message-ID: <24EAEFD4-BEF9-421B-B4ED-6AD7DDF3F44B@opendnssec.org> Hi, I will be challenging the live demo demon today at 14:00 - 16:00, if there is anyone else interested in attending, please send me a mail. /Jerry -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Mon Feb 27 12:12:23 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Mon, 27 Feb 2012 13:12:23 +0100 Subject: [Opendnssec-develop] Re: Test framework live demo today 14:00 - 16:00 CET In-Reply-To: <24EAEFD4-BEF9-421B-B4ED-6AD7DDF3F44B@opendnssec.org> References: <24EAEFD4-BEF9-421B-B4ED-6AD7DDF3F44B@opendnssec.org> Message-ID: <5822915A-3AD9-4238-AE78-E9492913AE6F@opendnssec.org> Hi, We will have the meeting with TeamViewer, you can download the client or use the web based client. The meeting is running so join when you can. Please join the meeting, by clicking on this link: http://go.teamviewer.com/v7/m57095155 Meeting ID: m57-095-155 http://www.teamviewer.com -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Mon Feb 27 12:25:05 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Mon, 27 Feb 2012 13:25:05 +0100 Subject: [Opendnssec-develop] Re: Test framework live demo today 14:00 - 16:00 CET In-Reply-To: <5822915A-3AD9-4238-AE78-E9492913AE6F@opendnssec.org> References: <24EAEFD4-BEF9-421B-B4ED-6AD7DDF3F44B@opendnssec.org> <5822915A-3AD9-4238-AE78-E9492913AE6F@opendnssec.org> Message-ID: <718C81A3-815D-494E-BD6D-6C4829330C24@opendnssec.org> Had to reboot to get another nic running on the win7, new meeting id: m33-840-404 On Feb 27, 2012, at 13:12 , Jerry Lundstr?m wrote: > We will have the meeting with TeamViewer, you can download the client or use the web based client. The meeting is running so join when you can. > > Please join the meeting, by clicking on this link: http://go.teamviewer.com/v7/m57095155 -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From matthijs at nlnetlabs.nl Tue Feb 28 10:12:23 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Tue, 28 Feb 2012 11:12:23 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.4.0a1 In-Reply-To: <4F3A7C72.7080203@nlnetlabs.nl> References: <4F3A7C72.7080203@nlnetlabs.nl> Message-ID: <4F4CA887.80604@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bump On 02/14/2012 04:23 PM, Matthijs Mekking wrote: > On 02/14/2012 03:58 PM, Rickard Bellgrim wrote: >> Hi > >> During the meeting today we said the we wanted to release an >> alpha version of 1.4.0. We still have some things to fix before >> this can be done. > >> We need to decide on how to write message in the NEWS-file. What >> do you think? Should it be: OpenDNSSEC-XX: Component: Some text >> about the bugfix or feature. Component: Some text about the >> bugfix or feature (OpenDNSSEC-XX) > > So far, I have been trying: OpenDNSSEC-XX: Component: Bla bla. > >> State that the backup files cannot be handled in this release. I have updated the KNOWN_ISSUES and NEWS files. Do we still need the 'Incompatibility in TSIG key' issue? Also, I removed the issue related to the auditor and $INCLUDE files. > >> What else? I wanted to make some tests, but it is going slower than I was hoping for. I do have a manual setup running for more than a week now (bind -> ods -> nsd) for one example zone and that seems to be going fine. > > I am going: * through the build warnings. Done. I also did a review of the code and cleaned up some unused functions. That made me think that it might be wise to let Coverity take a look at it as well. > * to verify that all jenkins jobs for trunk are happy. They were, but test-opendnssec-trunk is now failing. Something to do with the test framework changes. Jerry? > _______________________________________________ Opendnssec-develop > mailing list Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPTKiHAAoJEA8yVCPsQCW5zxYIAMeP9woqAbD9fR62r5jTc4ah vDKaB5itpfkSQVNh3/+EowhpF0JIucCDqkGk91iUbBW9mpZWl0ZRyG0nTdvblIcV EH1MrM6Cj9XOLBommFbTcIZMDo7RAj+U+rYAu3hP3peB9MNKBSZZEt0Dv47Z4DL0 re5BOJr1Py7DDJmoyuPlLhxUqC3BF2jXjJQmM4AOY1BqUlfp61NEXUWS0IEp0Iky j1trQmwJWOVegIkum2Leq0WBrQClgB1gyps92bKUgHKZRfKAYyLgJp0xbV6lSWhs lfrUMWozxMhfFyYO0/iZWX7c+JjDQbbgGb9WL4Y3mJhLmqLr6ep6cnr9tgeNCQo= =rZ9s -----END PGP SIGNATURE----- From jerry at opendnssec.org Tue Feb 28 11:22:31 2012 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 28 Feb 2012 12:22:31 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.4.0a1 In-Reply-To: <4F4CA887.80604@nlnetlabs.nl> References: <4F3A7C72.7080203@nlnetlabs.nl> <4F4CA887.80604@nlnetlabs.nl> Message-ID: <7898800715314308816@unknownmsgid> On 28 feb 2012, at 11:12, Matthijs Mekking wrote: >> * to verify that all jenkins jobs for trunk are happy. > > They were, but test-opendnssec-trunk is now failing. Something to do > with the test framework changes. Jerry? No its some tests imported from SIDN/Nick that are failing on some platforms and its all very strange. But it should not matter for an alpha release. There are some "fixes" in the build scripts that needs to be move to configure for trunk and I would suggest that we dont release 1.4 until we have plenty of tests that are working on all platforms. /Jerry From matthijs at nlnetlabs.nl Tue Feb 28 12:49:58 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Tue, 28 Feb 2012 13:49:58 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.4.0a1 In-Reply-To: <7898800715314308816@unknownmsgid> References: <4F3A7C72.7080203@nlnetlabs.nl> <4F4CA887.80604@nlnetlabs.nl> <7898800715314308816@unknownmsgid> Message-ID: <4F4CCD76.5080002@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1.4.0 or 1.4.0a1? On 02/28/2012 12:22 PM, Jerry Lundstr?m wrote: > On 28 feb 2012, at 11:12, Matthijs Mekking > wrote: > >>> * to verify that all jenkins jobs for trunk are happy. >> >> They were, but test-opendnssec-trunk is now failing. Something to >> do with the test framework changes. Jerry? > > No its some tests imported from SIDN/Nick that are failing on some > platforms and its all very strange. > > But it should not matter for an alpha release. > > There are some "fixes" in the build scripts that needs to be move > to configure for trunk and I would suggest that we dont release 1.4 > until we have plenty of tests that are working on all platforms. > > /Jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPTM12AAoJEA8yVCPsQCW5wygH/R0f8HfJaWj7gHvZo5fhwPeF cNVFgjB7cQ1wv80GuYzS/vSaDsrcsIff+JfX3bv5KKL86f3c0U65FgmAy8pgBfqm O7z3YlFOeRbJRFpA3l6oRQye/D2iq2h6KjV80dYcXldW4ZVJ3IcCErt60hi3/XlW qQ0HEOpNiKRYY3haJw04+ZvCSg2Ch0lJpsPahJWtfHcWVVe60RvSoEe4n8FVC+4R k+C43D69kqKG+zMMxLnb30w3bCjUc+vcmU8aUVZA4gCigVlWYwNyK2zYRe9jRpCV pCDh44CtUcIsNDapdcb0iLuTq26Ji6ZWS/9n6QlXJJic/snjCfIExzG6/+u4jYU= =OhCz -----END PGP SIGNATURE----- From jerry at opendnssec.org Tue Feb 28 14:28:00 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 28 Feb 2012 15:28:00 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.4.0a1 In-Reply-To: <4F4CCD76.5080002@nlnetlabs.nl> References: <4F3A7C72.7080203@nlnetlabs.nl> <4F4CA887.80604@nlnetlabs.nl> <7898800715314308816@unknownmsgid> <4F4CCD76.5080002@nlnetlabs.nl> Message-ID: On Feb 28, 2012, at 13:49 , Matthijs Mekking wrote: > 1.4.0 or 1.4.0a1? If your asking about the last part of my previous mail its 1.4.0. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Tue Feb 28 14:29:17 2012 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 28 Feb 2012 15:29:17 +0100 Subject: [Opendnssec-develop] Wiki for trunk Message-ID: <33BB4874-ED2A-4984-A7CE-B7D70046B54C@opendnssec.org> Seems we already had a wiki trunk altho it has not been updated for a few months. https://wiki.opendnssec.org/display/DOCSTRUNK/ -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From sion at nominet.org.uk Tue Feb 28 14:42:25 2012 From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=) Date: Tue, 28 Feb 2012 14:42:25 +0000 Subject: [Opendnssec-develop] Meeting 20120228 In-Reply-To: References: Message-ID: <4F4CE7D1.8020802@nominet.org.uk> On 27/02/12 09:01, Rickard Bellgrim wrote: > Hi > > We have a meeting tomorrow. > > Date: Tuesday 28 February > Time: 14:00-15:00 CET, 13:00-14:00 GMT > > Agenda: > https://wiki.opendnssec.org/display/OpenDNSSEC/2012-02-28+Agenda > > // Rickard > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop It's going to take me a while to get the notes up on the website... In case you can't wait, the notes I typed up during the call are here, I've not read through them yet. Sion Who will write minutes? Sion; also on the call are Jakob, Rickard, Jerry and Matthijs Agree on the agenda Action points Rickard: Discuss "hsm_get_key_rdata produces wrongly encoded DNSKEYs" with the user and work towards a solution for their problem. Rewrite the patch; signer engine will reuse the key from backup so it is afe to do so. Worry is if in middle of keyrollover, the export will not match the signer. Matthijs - had idea to not rely on backup from 1.4 as it is causing issues in 1.3. So the assumption might not hold in future. Other solution is to mark the version number, and switch to "incorrect" output if required. Then rollover will eventually get rid of the incorrect keys, means that the enforcer needs to track this in kasp and send the info to the signer. This is the safest way, but no-one seems to like it too much. However, relying on backup files is not nice either. It is in the users interest to remove faulty keys ASAP, we could give a big warning to users to migrate to a key with no leading zeros, and bar the use of keys after the patch is applied. ACTION - ALL discuss this on the list to get to a solution Updates OpenDNSSEC Signer: 1.3 reads serial from backup even if the rest is corrupted. Playing with test framework for dns adapters. Nothing else Updates Enforcer NG Yuri is not here. Next teleconf is Thursday Updates SoftHSM Destruction of singleton was causing segfaults on exit - fixed. Testing Live demo yesterday, more SIDN tests have been added to Jenkins. Waiting on more VMs. Can we release? OpenDNSSEC 1.3.7 Serial numbers fixed. New bug reported from training (duplicate RRs?), and 2 more issues: enforcer pidfile issue (could check for pid) signer can get into endless loop Can release once these are fixed. OpenDNSSEC 1.4.0a1 Are new bugs (in 1.3.6) also in trunk? enforcer issues - yes signer - not the ones with backup files NSEC3PARAM issue, maybe. New signer architecture can be found here: https://wiki.opendnssec.org/display/OpenDNSSEC/Signer+Engine+Adapter+Architecture Configuration needs to be documented; probably needed for alpha? Needs to branch off 1.3 documentation? Where should the 1.4 specific documentation go? Sara has some documentation on this, but it might not cover this situation. OpenDNSSEC 2.0.0a3 Meeting on Thursday. SoftHSM 2.0.0 Maybe 1.3.2? Nothing for 2.0 Next meeting Same time on 13th AOB No From matthijs at nlnetlabs.nl Tue Feb 28 15:09:29 2012 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Tue, 28 Feb 2012 16:09:29 +0100 Subject: [Opendnssec-develop] Wiki for trunk In-Reply-To: <33BB4874-ED2A-4984-A7CE-B7D70046B54C@opendnssec.org> References: <33BB4874-ED2A-4984-A7CE-B7D70046B54C@opendnssec.org> Message-ID: <4F4CEE29.2000405@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Great, I'll put my stuff over there then. On 02/28/2012 03:29 PM, Jerry Lundstr?m wrote: > Seems we already had a wiki trunk altho it has not been updated for > a few months. > > https://wiki.opendnssec.org/display/DOCSTRUNK/ > > -- Jerry Lundstr?m - OpenDNSSEC Developer > http://www.opendnssec.org/ > > > > > _______________________________________________ Opendnssec-develop > mailing list Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPTO4pAAoJEA8yVCPsQCW52NsH/3G/BD40nCCiLJGBGgjX28/O krAP867qRVDOhlzYJyq5WCEa7kKjp+svItptnb8ZDUdckds+LDRjza1t0FNgt37C 111SaGeXo4HfT78QnS2w+JCcL+eDJzQixP66wNHtQ2OybfGZLdHF/EMhKBZBbgnm orWhlfF28sYb5J2mM2MLDDkYII/+xZIjVDCLyozdy5gf4PNCc6c646l1m/NTqB9m YAXqrAt4UsrrKkxndccB4Qjt28fy1gKQV9b73wRv7024p8poPhcAVKh9muKmHVm8 WIZ4yvxyXmq50rG5u4KchqgX9KEJh9PQuIdlOKEgBbsK4HcSkmrTZ8Yf9mgF5w8= =NuYq -----END PGP SIGNATURE-----