On Mon, Oct 01, 2018 at 08:06:25PM -0700, Diane Trout wrote:
> On Mon, 2018-10-01 at 20:23 +0200, Lee Garrett wrote:
> > Hi,
> >
> > Any update on this bug? dnssec-trigger will be autoremoved due to
> > this bug
> > tomorrow. I'd like to see it in buster, though.
> >
>
> Ooops I forgot, Also does this bug impact unbound? I tried checking the
> unbound maintainer scripts and they're not doing anything to handle
> this case
>
> What's
> sudo -s openssl x509 \
>   -in /etc/dnssec-trigger/dnssec_trigger_control.pem -text | \
>   grep 'Public-Key'
>
> Look like on an affected system?

I can't tell you for certain anymore, since I regenerated the key, but I
ran a similar command at the time and it was 1536-bit.

> On mine is 3072, and I don't seem to be impacted.
>
> I'm guessing I can use that to determine if I need to regenerate the
> key

Yes, that would be fine. Anything smaller than 2048 bits would require
regeneration.

> The other option is to just delete the key and regenerate it on the
> specific version upgrade.

If you're relying on the keygen target, note that as of the time I filed
this bug report, it wrote the keys into the wrong location. I haven't
checked if it's been fixed.
-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
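Added example, not part of the original message or of the dnssec-trigger packaging: a shell sketch of the check discussed in the thread, applying the 2048-bit threshold to the `Public-Key` line that `openssl x509 -text` prints. The function names and sample lines are constructed for illustration, and the certificate is assumed to hold an RSA key.

```shell
#!/bin/sh
# Added example: classify a certificate by key size using the 2048-bit
# threshold from the thread. Assumes an RSA key; names are hypothetical.

MIN_BITS=2048

# Read `openssl x509 -text` output on stdin and print the key size in bits.
# Matches both "Public-Key: (N bit)" and "RSA Public-Key: (N bit)".
key_bits() {
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Read `openssl x509 -text` output on stdin and print a verdict:
#   regenerate  key is smaller than MIN_BITS
#   ok          key is MIN_BITS or larger
#   unknown     no key size found; inspect the file by hand
classify_text() {
    bits=$(key_bits)
    if [ -z "$bits" ]; then
        echo unknown
    elif [ "$bits" -lt "$MIN_BITS" ]; then
        echo regenerate
    else
        echo ok
    fi
}

# Classify a certificate file; needs openssl and read access to the file.
# An unreadable or unparseable file yields "unknown" rather than "ok".
classify_cert() {
    if [ ! -r "$1" ]; then echo unknown; return; fi
    openssl x509 -in "$1" -noout -text 2>/dev/null | classify_text
}

# Constructed sample lines in the format openssl prints.
SAMPLE_WEAK='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1536 bit)'
SAMPLE_OK='                Public-Key: (3072 bit)'

# Usage: sh check.sh /etc/dnssec-trigger/dnssec_trigger_control.pem
if [ "$#" -gt 0 ]; then
    for cert in "$@"; do
        printf '%s: %s\n' "$cert" "$(classify_cert "$cert")"
    done
fi
```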