Comment 8 for bug 1771545

> unbound wants to write to that file to keep it current.

Sorry for asking as I am not so much into root.key and package updates. However I do not understand that sentence yet and I am terrible curious. From the user perspective: The user needs a current root.key file to do validation. What is the difference whether that happens via a package update/backport, or unbound-anchor, or both? In other words, if unbound-anchor writes to "/usr/share/dns/root.key", why is that bad? If dns-root-data is updated/backported and writes to the very same file, why is that bad? In both cases, a different technology is used to get a current root.key. Does that qualify to separate things?

Furthermore, I am not sure about the role of the package dns-root-data, yet. I am asking because the answer could void my workaround D. dns-root-data was/is never backported. Uhh? Did I understand that correctly? unbound-anchor needs a working and valid starting point. What happens when the package dns-root-data is so terrible outdated that unbound-anchor cannot use it as starting point anymore?

In other words: I do not understand why Debian world needs RFC 5011 when they have a much "better" update mechanism already, the package management. It is nice to have unbound-anchor (and its RFC 5011) as well, but isn’t the Debian/Ubuntu package management better and therefore should be the primary choice? A symlink would create that "primary", I thought.