[Opendnssec-develop] Re: PIN daemon

Rickard Bellgrim rickard at opendnssec.org
Thu Jul 12 09:40:07 UTC 2012

Hi Rick

> These are tests -- I was under the impression that was holding back the
> release into beta was a code review?  Or are both necessary?
> If a code review is called for, I'd like to know what requirements should
> be established -- is it "not leaking the PIN to others than root and the
> OpenDNSSEC user"?

You reviewed the design for some time ago. Jakob were support to test
the functionality, but a code review is never bad.

> As for the ipcrm, I would expect that to go into a start/stop script,
> and/or into ods-control.  This would be easier to operators, and it
> seems to make sense, given that the Signer and Enforcer are also
> switched on/off that way.  Also, we may in the future feel a need to
> wipe the area before ipcrm'ing it (even if only root could harvest
> it under the assumption of a properly functioning UNIX environment).

The ipcrm is only used now for testing. Just so that we can reset the
state. The design is for the PIN to live in the shared memory for the
uptime of the server.

> As for the name "PIN daemon", it should perhaps be rephrased, indeed.
> What about "PIN service" or "PIN storage" or "PIN memory"?

Yes, "PIN memory" would be a better name.

More information about the Opendnssec-develop mailing list