[Opendnssec-develop] Supporting downgrades

Siôn Lloyd sion at nominet.org.uk
Mon Jul 23 14:20:49 UTC 2012

On 13/07/12 12:40, Jerry Lundström wrote:
> On Jul 13, 2012, at 12:14 , Sara (Sinodun) wrote:
>> On 12 Jul 2012, at 12:18, Rickard Bellgrim wrote:
>>>> The recent discussion on package contents has raised an interesting question - do we plan to provide migration scripts for users to downgrade between *major* versions e.g. 1.4.0 to 1.3.10. It does not appear that historically this has been done for previous releases.
>>> Yes, that would be useful.
> -1
> We must realize there is a lot of work supporting downgrades and in most cases it can't be done since there is often new features with new major releases that don't exist in old releases.
> With my 10+ years sysadmin hat on: it is not common practice to support major version downgrades or even do them, if there is a problem with a software even after testing you do a rollback to a backup of the old version.


Assuming that the downgrade happens before any key rollover/generation 
occurs of course.

Take the extreme example of the enforcerNG; I'm pretty sure we don't 
want to build a script to move back to the old enforcer? I'm not sure if 
all of the new states map back back cleanly even.


p.s. Sara, you are correct when you say that we have never needed a 
script to move between alpha and a full release.

More information about the Opendnssec-develop mailing list