[Opendnssec-develop] Re: PIN daemon

Rick van Rein rick at openfortress.nl
Thu Jul 12 09:28:24 UTC 2012

Hello Rickard and Sara and others,

> > This is excellent news - thank you. With luck that will mean it can go in the beta.
> I have updated the story with some more information and some use cases
> that you can test.

I found it on https://issues.opendnssec.org/browse/OPENDNSSEC-130

These are tests -- I was under the impression that was holding back the
release into beta was a code review?  Or are both necessary?

If a code review is called for, I'd like to know what requirements should
be established -- is it "not leaking the PIN to others than root and the
OpenDNSSEC user"?

As for the ipcrm, I would expect that to go into a start/stop script,
and/or into ods-control.  This would be easier to operators, and it
seems to make sense, given that the Signer and Enforcer are also
switched on/off that way.  Also, we may in the future feel a need to
wipe the area before ipcrm'ing it (even if only root could harvest
it under the assumption of a properly functioning UNIX environment).

As for the name "PIN daemon", it should perhaps be rephrased, indeed.
What about "PIN service" or "PIN storage" or "PIN memory"?


More information about the Opendnssec-develop mailing list