Hi Linda,
Thanks for the clarification. I did see the advisory, but I don't
recall being contacted re gLite 3.1 (and I know I have some components
to deal with - in one case it will mean the grid permanently losing ~30%
of our CPU). My original email was meant to clear up my confusion from
the ops meeting - and to calm my panic when I thought I had a month less
to deal with things than I'd expected.
John
On 07/08/2012 12:58, Linda Cornwall wrote:
> Dear John,
>
> Sites need to upgrade from gLite 3.1 by the end of September. From 1st October EGI intends to suspend sites, I don't think exceptions will be made.
>
> For 3.2 components already out of security support, sites should also migrate by the end of September, but suspension is not until 1st November and exceptions may be made (see below).
>
> In case you haven't seen it the advisory below was sent to site-security-contacts. (Although it primarily refers to gLite 3.2.)
>
> Also, individual sites running gLite 3.1 were contacted (I think).
>
> Linda.
>
> -------------------------------------------------------------------------------
>
> ** GREEN information - Community wide distribution **
>
> ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **
>
> EGI CSIRT ADVISORY [EGI-ADV-20120801]
>
>
> Title: EGI CSIRT ADVISORY [EGI-ADV-20120801] concerning gLite 3.2
> middleware components no longer supported on 01 August 2012.
>
> Date: 2012-08-01
>
>
> Introduction
> ============
>
> This advisory is being issued to remind sites which currently deploy gLite 3.2 software components which are no longer under security support to migrate to supported software.
>
> Various sites still deploy gLite 3.2 middleware components which on the 1st August 2012 are no longer under security support.
>
> The gLite 3.1 distribution is now retired. Sites still deploying gLite 3.1 software components have also been identified. This advisory includes a reminder of the decommissioning calendar applicable to gLite 3.1 software components and generally speaking to any software reliant on RHEL4 derivatives.
>
> This advisory describes the detailed timelines for the retirement of unsupported software components as agreed between EGI CSIRT, the Operations Management Board, and the Security Co-ordination Group, which must be adhered to and describes the consequence of failing to do so.
>
> It should be noted that regardless of these deadlines if a critical vulnerability affecting any software out of security support is published it may not be possible to produce an update and will be necessary to immediately stop the affected services and reinstall with currently supported software releases.
>
>
>
> Retirement calendar of gLite 3.2 components out of security support on 1st August
>
> 2012
> ==================================================================================
>
> =====
>
> The gLite 3.2 components currently out of security support are:
>
> APEL
> ARGUS
> BDII
> Cluster
> CREAM
> dCache
> LB
> LSF utils
> MPI utils
> SCAS
> SGE utils
> Torque client/server/utils
> VOMS
>
> See gLite 3.2 support calendar [R 1]. This advisory refers to these.
>
> All unsupported gLite 3.2 software components listed above and deployed in production are expected to migrate away as soon as possible and no later than 1st October 2012.
>
> Deployment of the unsupported gLite 3.2 components listed above will be monitored by EGI CSIRT. A report of any sites which are still deploying the unsupported gLite 3.2 components after 01 October 2012, will be produced for EGI management.
>
>
> Suspension Policy
> =================
>
>>From 1st November 2012 sites still deploying the unsupported gLite 3.2 software components mentioned above will be asked to migrate to supported software immediately or to shutdown services.
>
> Sites may face site suspension if failing to migrate their services.
> Exceptions may be made if the site is in communication with EGI CSIRT and upgrades are in progress. As it is acknowledged that some sites wish to migrate from gLite 3.2 to the UMD 2/EMI 2/RHEL6 based versions, exceptions may also be made if the site is planning to migrate straight to EMI 2 based on RHEL6 but the appropriate software is not available in EGI UMD2 on 01 November 2012 or has been available for less than 1 month.
>
>
> Reminder for gLite 3.1 and software reliant on RHEL4 derivatives.
> =================================================================
>
> Sites deploying gLite 3.1 software components and/or software reliant on RHEL4 (including SL4) must migrate away from these by 1st October 2012.
> These sites have been individually contacted by CSIRT on 16th July 2012, therefore should be aware of this.
>
> On 1st October 2012 such sites will be asked to migrate to supported software or shutdown services immediately. Failure to comply will result in site suspension.
> No exceptions or further extension of this deadline will be made.
>
>
> Notes
> =====
>
> Please be aware that this notice only applies to software which is already out
> of security support on 1st August 2012. Retirement calendars for software
> which comes out of security support in the future will be made at a later date.
>
>
>
> Other information
> =================
>
> In the coming months EGI will review its security policies in order to no longer
> allow the deployment in production of software which is out of security support.
> See [R 2] and [R 3] for further information on supported middleware versions.
>
>
>
> References
> ==========
>
>
> [R 1] gLite 3.2 support calendar http://glite.cern.ch/R3.2/
> [R 2] EMI support calendar http://www.eu-emi.eu/releases#MajRel
> [R 3] General support information from technology providers
> https://wiki.egi.eu/wiki/Middleware#Technology_Providers
>
>
>
>
> On behalf of EGI CSIRT, the Operations Management Board, and the Security
> Co-ordination Group.
>
> --------------------------------------------------------------------------
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes [mailto:TB-
>> [log in to unmask]] On Behalf Of John Hill
>> Sent: 07 August 2012 12:31
>> To: [log in to unmask]
>> Subject: gLite 3.1
>>
>> Can I clarify something I was confused about in the meeting this
>> morning regarding the schedule for de-certifying sites still running
>> gLite 3.1 software? According to my notes from the meeting of 17 July,
>> we had until 1 October to upgrade from gLite 3.1, not 1 September. My
>> memory is also that the tickets to be raised in a week were
>> deliberately to give us 6 weeks warning - which reinforces my notes.
>> The minutes of that meeting also state *end-September* for gLite 3.1
>> de-certification, so my notes match the minutes (which is not always
>> the case!).
>>
>> What is the true situation?
>>
>> John
|