Yo,
don't forget to be real, people: the problem was caused by an
interaction between a *bug fix* in ssh and an *unfixed, dormant bug* in
YAIM. These kinds of situations are rather difficult to detect, until
they are triggered.
J "or did you forget the apostrophe in the comment story" T
Kalman Kovari wrote:
> Hi Nicholas,
>
>> The update was an OS update, not a middleware update, therefore it's out
>> of the control of EGEE and WLCG. If gLite ran on Windows, would we
>> expect Microsoft to give us (EGEE grid) an individual warning of a
>> security patch?
>
> Would we be the 'biggest consumer' of Microsoft? In that case, I would
> expect them to consider our needs...
>
> If we want to avoid another issue like this, the choices are on the long
> run either to set up an own (gLite or EGEE based) commitee to control
> the repository updates (by setting up our own repo, or by advising
> sysadmins only to upgrade on the commitee's approval of the new sw), OR
> to convince the SLC3 release responsibles to RESPECT the needs of our
> services, and to trust them. The first case would be a big work, and a
> lot of delay on security updates. In the later case their testing team
> would have a bit more work (another testing environment maybe), and we
> could even trust the auto-updates.
>
> Best Regards,
> Kalman Kovari
|