[Opendnssec-user] Release candidate for OpenDNSSEC 2.1.8

Stefan Ubbink Stefan.Ubbink at sidn.nl
Fri Nov 20 11:30:34 UTC 2020


On Wed, 18 Nov 2020 13:22:50 +0100
"\(Berry\) A.W. van Halderen via Opendnssec-user"
<opendnssec-user at lists.opendnssec.org> wrote:

> Dear all,

Hello Berry,

> I've made a release candidate for a release of OpenDNSSEC (2.1.8rc1),
> to fix an issue with the purging of keys from the HSM.

Thank you very much for this new release.

> To the key purge problem.  Either when manually purging keys, or
> having specified a <Purge> in your key policy (kasp.xml), the keys
> are suppost to be removed from the HSM.  However, for some time, the
> keys were marked for deletion, and became invisible, but the removal
> from the HSM was skipped.  In this release candidate this is fixed,
> but still allowing keys not to be removed entirely.  When you specify
> an automatic purge then the keys will, after the specified period,
> will be completely removed.  When you purge manually, keys are not
> removed from the HSM unless you specify an additional flag (the
> --delete or -d flag).

A minor point for improvement, the enforcer/man/ods-enforcer.8.in file
has not been updated to describe the --delete or -d flag.

> Unless I get negative reports, I'll make a release from this fix after
> a 1 or 2 weeks grace period.

I'll continue testing the new release and will let you know if I find
something else.

-- 
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20201120/2cefa364/attachment.bin>


More information about the Opendnssec-user mailing list