On 2016-09-01 00:10, Benny Pedersen wrote:
> On 2016-08-31 22:48, SM wrote:
>
>> I haven't read that part of the code recently. It is not optimal to
>> do a check as the file contents rarely change.
>
> postfix does not need a anchor file to send to dane_only domains, so
> why does opendkim need one ?
>
> design fails imho
>
> but i think its still good that opendkim can have its own if
> dnsservers does not support dnssec, then opendkim can do its job on
> its own, in that case the anchor is needed in opendkim, else its waste
> of resources, and possible one runs with outdated anchor
I'd say you don't need the trustanchor for mode=s (signing) but for
mode=v (verification)
> i will not make that fail here
--
Christian Kivalo
Received on Thu Sep 01 2016 - 05:45:26 PST