icann-ca.pem missing from package
Bug #1754774 reported by Daniel Aleksandersen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
knot-resolver (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Ubuntu’s distribution of knot-resolver is missing /etc/knot-
Without this file at this hardcoded location (/usr/lib/
https:/
https:/
On a well-managed system, DNSSEC resolution should depend on the system-installed and system-maintained DNSSEC root, not on using icann-ca.pem for individual packages to separately update their root stores via sidechannel mechanisms.
Recent versions of knot-resolver should depend directly on the dns-root-data package, and should learn DNS roots from there. If they do not, then please report that as a bug.
But I think shipping /etc/knot-resolver/icann-ca.pem would be a mistake. (Also, we do not ship it in Debian.)