#49007: openssh @7.1p1 +ldns SSHFP DNSSEC validation fails -------------------------------+---------------------- Reporter: scott-macports@… | Owner: ionic@… Type: defect | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: | Keywords: haspatch Port: openssh ldns | -------------------------------+---------------------- Comment (by dluke@…): Replying to [comment:4 scott-macports@…]:
I could, of course, submit a new interface to ldns that explicitly loaded default keys from /etc/trusted-key.key (or some other default), but then openssh couldn't use that interface until the new library version was available on any particular distribution (as a new api, it can't really be backported as fix to distributions using the current or older libraries), preventing a working openssh + ldns on those systems for some time...
It makes the most sense (to me) to get a change like this accepted by ldns and openssh upstream, and then backport it to our release (if necessary because we don't want to wait for upstream to release new versions). -- Ticket URL: <https://trac.macports.org/ticket/49007#comment:5> MacPorts <https://www.macports.org/> Ports system for OS X