On Fri, 16 Sep 2005, Gordon, JC (John) wrote:
>Alessandra, I see nothing to be gained by (VO)boxing ourselves into a
>corner. Taking an entrenched position against them at all costs is bad
>tactics. I would rather take the position that the case hasn't been
>made, please go away and think again. Everyone seems to be getting into
>a frenzy before they have heard a rational case. The risk then is that
>nothing called a VObox will ever be acceptable.
Hi,
I'm just catching up on this discussion from All Hands in Nottingham.
The fundmental problem as I see it is that no-one has yet presented a
rational argument as to why any of the experiments need a VOBOX -- and a
lot of time has passed since the idea was first circulated. We (the
site admins) are being told that the VOBOX is "The Answer" to some
experiments' problems but we're not being told what those problems are.
As site administrators we necessarily need to understand everything
that's going on on our systems if we are to ensure good service, monitor
performance and ensure good security.
We should first be consulted about planned changes to the software
distribution that we are being asked to support; if we're simply told
"you will need to support VOBOXes" without being told precisely what
that entails and implies then you should expect the sites to insist on
more information. The lack of a timely, coherent reponse to site's
requests for information is raising concern.
This has been exacerbated by the fact that there have been a number of
very worrying suggestions for VOBOX requirements being circulated
(remote root access, arbitrary long-running software services exposed to
the world, etc) that simply are _not_ acceptable to site administrators
such as myself and cannot be supported. Accurate or not, this will make
it harder for experiments to satisfy the sites' concerns.
There is also a longer-term practical objection: namely that all of the
grid tools distributed as part of LCG that we've been working to get up
and running should be sufficient for the individual experiments to carry
out their work. If they are _not_ sufficient then surely bugs should be
raised against LCG and developer time dedicated to redressing these
deficiencies. Dedicating extra (unfunded!) machines to individual
experiments does not scale and introduces all of these other security
concerns.
By all means, if some knowledgable person can explain why I should host
their VOBOX I will update my opinions based on that new information; but
until someone can satisfy all of the concerns that surround this
proposal my default response will have to be "Sorry, that's not going to
happen."
And, as others have already suggested, this is unlikely to be an
atypical response.
Cheers,
David
--
David McBride <[log in to unmask]>
Department of Computing, Imperial College, London
Give me ambiguity or give me something else.
|