BetaBlocker +1
per Adam's justification about dramatically reducing test coverage, if nothing else

BetaBlocker +1

BetaBlocker +1

So, turns out disabling dnssec validation on the server avoids this problem. That makes the evaluation a bit trickier, I guess, because we could argue that's a sufficiently okay workaround for Beta.

I think at that point the key is whether this affects upgrades of existing servers with dnssec validation enabled, because if it does, that's likely a violation of "It must be possible to successfully complete a direct upgrade from a fully updated installation of each of the last two stable Fedora Server releases with the system configured as a FreeIPA domain controller or postgresql server as specified in the relevant criteria. The upgraded system must meet all relevant release criteria, including criteria relating to functionality of the server software."

Unfortunately, we've had dnssec turned off on the upgrade tests for years because of https://bugzilla.redhat.com/show_bug.cgi?id=1999321 . I guess I can try turning it back on again and see what happens.

BetaBlocker +1

Discussed during the 2022-08-22 blocker review meeting: [0]

The decision to delay the classification of this as a blocker bug was made so adamw can do some more research and get the story of what exactly is affected and what needs doing sorted out.

[0] https://meetbot.fedoraproject.org/fedora-blocker-review/2022-08-22/f37-blocker-review.2022-08-22-16.01.txt

Release F37 is no longer tracked by BlockerBugs, closing this ticket.