IFC @ r224187

1 files changed, 0 insertions, 15 deletions

diff --git a/contrib/bind9/KNOWN-DEFECTS b/contrib/bind9/KNOWN-DEFECTS
deleted file mode 100644
index 83d7175..0000000
--- a/contrib/bind9/KNOWN-DEFECTS
+++ /dev/null
@@ -1,15 +0,0 @@
-dnssec-signzone was designed so that it could sign a zone partially, using
-only a subset of the DNSSEC keys needed to produce a fully-signed zone.
-This permits a zone administrator, for example, to sign a zone with one
-key on one machine, move the resulting partially-signed zone to a second
-machine, and sign it again with a second key.
-
-An unfortunate side-effect of this flexibility is that dnssec-signzone
-does not check to make sure it's signing a zone with any valid keys at
-all.  An attempt to sign a zone without any keys will appear to succeed,
-producing a "signed" zone with no signatures.  There is no warning issued
-when a zone is not signed.
-
-This will be corrected in a future release.  In the meantime, ISC
-recommends examining the output of dnssec-signzone to confirm that
-the zone is properly signed by all keys before using it.