[ksk-rollover] Starting discussion on acceptable criteria for proceeding with the root KSK roll
Benno Overeinder
benno at NLnetLabs.nl
Wed Jan 10 11:01:10 UTC 2018
On 08/01/2018 19:52, Paul Wouters wrote:
> On Mon, 8 Jan 2018, Hugo Salgado-Hernández wrote:
>
>> After the patch was released, how long it takes to pass downstream
>> to common OS distros?
>
> It depends. For instance for RHEL, it will be fixed in 7.5. But had
> we actually not aborted the roll, Red Hat would have done a accelerated
> update to fix this issue.
>
>> At this point, 4 months later, can we assume that a competent
>> operator, with current OS with updated patches, is "safe from the
>> rollover"?
>
> Yes, and not only that, for this issue we could have rolled on the
> original date as well.
To add on this, we were also in contact with Ubuntu, Debian and FreeBSD.
The distributions moved this issue with priority through their process
and patches were backported to stable distributions as well as the new
Unbound release ended up in new/upcoming/experimental distributions.
(OpenBSD 6.2 incorporated Unbound 1.6.6.)
So I would like to acknowledge the distribution maintainers for their
swift actions to push the patches (backported) or the new Unbound release.
Best,
-- Benno
--
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/
More information about the ksk-rollover
mailing list