On Thu, Mar 28, 2019 at 5:16 PM Tony Finch <dot@dotat.at> wrote:

manu tman <chantr4@gmail.com> wrote:
>
> During the BoF session this morning, it was asked how long it would take
> vendors to incorporate the new KSK in their software.
> The few that spoke said it was a relatively short time.

I think this will depend a lot on whether the patch is distributed as a
routine change or as a security-critical fix. I think it won't look
particularly good if the whole DNS gets a CVE every year just to roll the
keys in a timely fashion :-)

:) yeah.

This is a discussion that is worth having with the distributions and see what their take on this is. As mentioned in my original email, I would love to hear from people closer to the distros.

There is already connection between software vendors and distros, so they could maybe initiate this discussion.

Manu

Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
South Utsire, Forties: Southwesterly 5 or 6. Moderate or rough, occasionally
slight. Fair. Good.