[dns-operations] Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories
Andrew Sullivan
ajs at shinkuro.com
Tue Feb 9 16:20:32 UTC 2010
On Sun, Feb 07, 2010 at 04:31:57PM +0100, Shane Kerr wrote:
> I am wondering if we can also take something here to the reoccurring
> debate about the utility of regular KSK rollovers.
[…]
> This strikes me as indicating that even with regular rollovers, things
> will still break. Which kind of supports the idea of rolling over only
> in emergency, doesn't it?
Maybe. On the one hand, we could draw the conclusion that, even with
a lot of notice and good intentions all around, things still break and
therefore one ought to avoid, as much as possible, rolling. This is
an instance of the principle "avoid dangerous things".
On the other hand, we could draw the conclusion that rolls are a good
opportunity for things to break, and that for that reason we need to
do them early and often, with a gradual reduction in frequency as
people get more experienced; but never reduce to the point that
rolling is anything other than a well-understood and common event.
This is an instance of the principle "practice makes perfect".
The problem with every slogan is that there's an equal and opposite
slogan.
A
--
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.
More information about the dns-operations
mailing list