Created by Malcolm Scott and last modified
Get this branch:
bzr branch lp:~malcscott/+junk/sensiblednssec
Only Malcolm Scott can upload to this branch. If you are Malcolm Scott please log in for upload directions.

Related bugs

Related blueprints

Branch information

Malcolm Scott

Recent revisions

44. By Malcolm Scott

Merge several things from elsewhere; drop the entropy check since the new upstream behaviour is to use a nonblocking CRNG

43. By Malcolm Scott

dnssec-keygen no longer lets us specify a random source (and forces urandom :-( )

42. By Malcolm Scott

Keep KSKs with g+rw permissions (noting that dnssec-settime likes to undo this)

41. By Malcolm Scott

Quash errors when chmodding keys; we might not own all of them, but in theory those we don't own have already been chmodded

40. By Malcolm Scott

Add comment to config explaining algorithm choice and rollover

39. By Malcolm Scott


38. By Malcolm Scott

Don't force TLS version. Nominet EPP now needs TLS v1.1+; Python <3.4 has no way to force this but will negotiate it if left unspecified.

37. By Malcolm Scott

umask hack doesn't work in more-recent make; work around by explicitly chmodding (hopefully) everything

36. By Malcolm Scott

Add SIGN_PARAMS setting (e.g. to pass NSEC3 params to dnssec-keygen); make things work better for non-owners by enforcing group-writability and not trying to touch old files; make ksk-rollover also roll ZSK as it's very likely the user wants this too

35. By Malcolm Scott

Support using a different random source; print dnssec-keygen invocations; don't override umask when making top-level directories

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.