ds-push does not replace the DS RRset on parent
Knot 2.9.1 on Debian Stretch (installed from nic.cz packages)
policy:
  - id: rsa01
    algorithm: RSASHA256
    ksk-size: 2048
    zsk-size: 1024
    ksk-lifetime: 5m
    zsk-lifetime: 2m
    dnskey-ttl: 10s
    propagation-delay: 5s
    zone-max-ttl: 15s
    ksk-submission: tt01
    ds-push: knotmaster
    cds-cdnskey-publish: rollover
As described on the mailing list, I'm rolling the KSK every five minutes for testing, and I note that the DS RRset in the parent zone isn't being purged of old DS records.
Libor responds:
DS push is designed so that the DDNS update to the parent contains a removal of the whole DS RRset and an addition of the newest DS record. However, this does not work due to a bug.
I'm putting this here as a reminder.
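A post-rollover check for exactly this failure, added here as an example and not part of the original report or of Knot itself: it recomputes the DS records the parent should hold from the child's current KSKs (RFC 4034 key tag, SHA-256 digest) and lists any DS record left over in the parent. The owner name, key bytes and the leftover DS are constructed sample values.

```python
import base64
import hashlib
import struct

def name_to_wire(name):
    """Encode an owner name as lower-cased DNS wire-format labels (DS digest input per RFC 4034)."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """Build DNSKEY RDATA (flags, protocol, algorithm, public key) from zone-file fields."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (valid for all algorithms except obsolete RSA/MD5)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_dnskey(owner, flags, protocol, algorithm, pubkey_b64):
    """DS record (key tag, algorithm, digest type 2, SHA-256 digest) the parent should hold for this key."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), algorithm, 2, digest)

def stale_ds(owner, parent_ds, child_dnskeys):
    """Return DS records in the parent that match no current KSK (SEP bit set) of the child.
    After a finished rollover this should be empty; anything left is a DS that ds-push did not remove."""
    expected = {ds_from_dnskey(owner, *k) for k in child_dnskeys if k[0] & 1}
    return [ds for ds in parent_ds if ds not in expected]

OWNER = "child.example."
# Constructed sample keys (arbitrary bytes, not real RSA key material); algorithm 8 = RSASHA256.
NEW_KSK = (257, 3, 8, base64.b64encode(b"constructed new KSK bytes, not a real key").decode())
ZSK = (256, 3, 8, base64.b64encode(b"constructed ZSK bytes, not a real key").decode())
# Constructed parent DS RRset: the new KSK's DS plus a leftover DS from the previous KSK.
LEFTOVER_DS = (12345, 8, 2, "00" * 32)
PARENT_DS = [ds_from_dnskey(OWNER, *NEW_KSK), LEFTOVER_DS]

if __name__ == "__main__":
    for ds in stale_ds(OWNER, PARENT_DS, [NEW_KSK, ZSK]):
        print("stale DS in parent:", ds)
```

In practice the parent DS RRset and the child DNSKEY RRset would come from a resolver query against each zone's authoritative servers instead of the constructed lists above.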