[ksk-rollover] Concerns about KSK generation software quality.

S Moonesamy sm+icann at elandsys.com
Fri Feb 23 21:00:03 UTC 2018

Hi Warren,
At 11:59 AM 16-02-2018, Warren Kumari wrote:
>In the "Suggested update" thread, Andres pointed me


>While typos in error messages and comments are (clearly) not going to
>cause breakage, it does make me concerned that this code, which
>generates the single most critical DNSSEC keys, has not received
>sufficient careful review. These sorts of obvious typos are not
>themselves a problem, but rather indicative of a larger issue. While
>the obvious retort is "It is publicly posted in GitHub, and we asked
>the community to have a look. Send pull requests!", it appears that
>this hasn't resulted in enough review. I used to program C, but it has
>been long enough that now I'm only qualified to say "Well, that
>doesn't seem right!" - how do we get (more) review from people who are
>better qualified?

I agree that the software could be improved with a code review.  As 
far as I am aware, nobody else uses that software and that does not 
help to get enough review.

S. Moonesamy 

More information about the ksk-rollover mailing list