On Wed, 4 Oct 2006, Jeff Templon wrote:
> Yo,
>
> don't forget to be real, people: the problem was caused by an interaction
> between a *bug fix* in ssh and an *unfixed, dormant bug* in YAIM.
? which *unfixed, dormant bug* ?
M
> These kinds
> of situations are rather difficult to detect, until they are triggered.
>
> J "or did you forget the apostrophe in the comment story" T
>
> Kalman Kovari wrote:
> > Hi Nicholas,
> >
> > > The update was an OS update, not a middleware update, therefore it's out
> > > of the control of EGEE and WLCG. If gLite ran on Windows, would we
> > > expect Microsoft to give us (EGEE grid) an individual warning of a
> > > security patch?
> >
> > Would we be the 'biggest consumer' of Microsoft? In that case, I would
> > expect them to consider our needs...
> >
> > If we want to avoid another issue like this, the choices are on the long
> > run either to set up an own (gLite or EGEE based) commitee to control
> > the repository updates (by setting up our own repo, or by advising
> > sysadmins only to upgrade on the commitee's approval of the new sw), OR
> > to convince the SLC3 release responsibles to RESPECT the needs of our
> > services, and to trust them. The first case would be a big work, and a
> > lot of delay on security updates. In the later case their testing team
> > would have a bit more work (another testing environment maybe), and we
> > could even trust the auto-updates.
> >
> > Best Regards,
> > Kalman Kovari
>
--
/-------------- [log in to unmask] ----------------\
| Marco Serra INFN |
| --------------------------------------------------|
| There is a difference between knowing the |
| path and walking the path |
\---------------------------------------------------/
|