[Opendnssec-develop] Re: PIN daemon
Rick van Rein
rick at openfortress.nl
Thu Jul 12 09:28:24 UTC 2012
Hello Rickard and Sara and others,
> > This is excellent news - thank you. With luck that will mean it can go in the beta.
>
> I have updated the story with some more information and some use cases
> that you can test.
I found it on https://issues.opendnssec.org/browse/OPENDNSSEC-130
These are tests -- I was under the impression that was holding back the
release into beta was a code review? Or are both necessary?
If a code review is called for, I'd like to know what requirements should
be established -- is it "not leaking the PIN to others than root and the
OpenDNSSEC user"?
As for the ipcrm, I would expect that to go into a start/stop script,
and/or into ods-control. This would be easier to operators, and it
seems to make sense, given that the Signer and Enforcer are also
switched on/off that way. Also, we may in the future feel a need to
wipe the area before ipcrm'ing it (even if only root could harvest
it under the assumption of a properly functioning UNIX environment).
As for the name "PIN daemon", it should perhaps be rephrased, indeed.
What about "PIN service" or "PIN storage" or "PIN memory"?
Cheers,
-Rick
More information about the Opendnssec-develop
mailing list