[Opendnssec-user] Release candidate for OpenDNSSEC 2.1.8
(Berry) A.W. van Halderen
berry at nlnetlabs.nl
Wed Nov 18 12:22:50 UTC 2020
Dear all,
I've made a release candidate for a release of OpenDNSSEC (2.1.8rc1), to
fix an issue with the purging of keys from the HSM. Since the nature
of the operation I've opted to release it as a release candidate first.
Another issue being fixed a bug causing a crash after not having run
OpenDNSSEC in the midst of a ZSK when you're zone would have gone bogus
already.
To the key purge problem. Either when manually purging keys, or having
specified a <Purge> in your key policy (kasp.xml), the keys are suppost
to be removed from the HSM. However, for some time, the keys were marked
for deletion, and became invisible, but the removal from the HSM was
skipped. In this release candidate this is fixed, but still allowing
keys not to be removed entirely. When you specify an automatic purge
then the keys will, after the specified period, will be completely
removed. When you purge manually, keys are not removed from the HSM
unless you specify an additional flag (the --delete or -d flag).
Unless I get negative reports, I'll make a release from this fix after
a 1 or 2 weeks grace period. The release candidate is available here:
https://dist.opendnssec.org/source/testing/opendnssec-2.1.8rc1.tar.gz
\Berry
More information about the Opendnssec-user
mailing list