On Thu, Mar 28, 2019 at 5:16 PM Tony Finch <dot@dotat.at> wrote:
manu tman <chantr4@gmail.com> wrote:
During the BoF session this morning, it was asked how long it would take vendors to incorporate the new KSK in their software. The few that spoke said it was a relatively short time.
I think this will depend a lot on whether the patch is distributed as a routine change or as a security-critical fix. I think it won't look particularly good if the whole DNS gets a CVE every year just to roll the keys in a timely fashion :-)
:) yeah. This is a discussion that is worth having with the distributions and see what their take on this is. As mentioned in my original email, I would love to hear from people closer to the distros. There is already connection between software vendors and distros, so they could maybe initiate this discussion. Manu
Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ South Utsire, Forties: Southwesterly 5 or 6. Moderate or rough, occasionally slight. Fair. Good.