Merge ~sergiodj/ubuntu/+source/bind9:bind9-eddsa-dnssec-bug1825712 into ubuntu/+source/bind9:ubuntu/bionic-devel
Status: | Work in progress |
---|---|
Proposed branch: | ~sergiodj/ubuntu/+source/bind9:bind9-eddsa-dnssec-bug1825712 |
Merge into: | ubuntu/+source/bind9:ubuntu/bionic-devel |
Diff against target: |
63 lines (+17/-2) 3 files modified
debian/changelog (+9/-0) debian/libdns1100.symbols (+1/-0) debian/rules (+7/-2) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu developers | Pending | ||
Review via email: mp+390274@code.launchpad.net |
Description of the change
This is the fix of https:/
The rationale is the same as for the other releases. Also, there was a lot of discussion happening between Andreas and Christian in the other two MPs, so I'm linking them here:
https:/
https:/
In the bug, comment #14, Andreas mentioned:
"It's a valid request, I'm just not sure if the version of bind in bionic is good enough for this support. I vaguely remember reading somewhere that certain encryption types were not working well in certain versions of bind9 (sorry, very vague, I know). Because of that I'm confirming the bug, but this would have to be investigated."
After investigating whether there is indeed such a problem with bind9 on bionic, I could not find anything that might prevent us from enabling EdDSA support there. I did find something interesting that Debian did, though: they decided to enable EdDSA, but disable Ed448. I'm choosing not to do that for now, because I think that would be somewhat orthogonal to this change, but I am getting in touch with Ondřej Surý to make sure that this won't bite us down the road.
The package doesn't have dep8 tests, but I did a PPA build:
https:/
installed it in a bionic lxd, and performed the "Test Case" instructions from the original bug. Everything is working OK.
I'm leaving this as a WIP until I decide what to do with the Ed448 support.