[dns-operations] Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories

Phil Regnauld regnauld at nsrc.org
Mon Feb 8 01:06:49 UTC 2010



On 07/02/2010, at 22.02, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> On Fri, Feb 05, 2010 at 09:46:22AM -0800,
> Randy Bush <randy at psg.com> wrote
> a message of 15 lines which said:
>
>> what a great lesson
>
> Like Shane said, yes, but which lesson? For me, it means you should
> not put trust anchors in binary packages, unless there is an automatic
> update mechanism (is it the case with RedHat?). Another possible
> lesson is that you should use DLV and not rely on static files.
>
> (The signing of the root won't help since there is no announced
> timeline for the delegation, the insertion of DS records. Even if
> there was, ".arpa" is not signed.)
>
>
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations



More information about the dns-operations mailing list