The first issue fixed in this version was reported mid 2011 .
the second one in Nov 2012..
neither sounds that major to me -
but we probably shouldn't discuss the details on this list and I see linda cornwall and john green on the chain of discussion for example so maybe they can better advise.
I can imagine workarounds are possible - but also the upgrade from an existing EMI head node should be easy (and these only affect headnodes in my reading of them).
So I think the easiest is to upgrade rather than get in a mess with patched versions .
However I think we need not to panic about it - given the release of the patches was not done in a panic either.
Probably best discussed off list - I will try and gather info from the DPM team for next ops mtg - and perhaps the security guys can be there too.
Of course if people fancy moving to 1.8.6 before then that is also fine.. I will do it myself tomrrow or Monday just so we know if there are any issues.
I will also kick my srm version monitoring back into life.
Wahid
On 7 Feb 2013, at 14:40, Jeremy Coles <[log in to unmask]> wrote:
> Dear All,
>
> At the WLCG operations meeting it has just been indicated that an update to 1.8.6 is now mandatory due to a security fix. The baseline twiki page has been updated to reflect this requirement https://twiki.cern.ch/twiki/bin/view/LCG/WLCGBaselineVersions.
>
> Please can someone comment on whether update to 1.8.6 is required or can the patch be applied to earlier versions? We have in the UK quite a few sites on 1.8.5, 1.8.4 and one on 1.8.3 (http://www.hep.ph.ic.ac.uk/~dbauer/grid/state_of_the_nation.html).
>
> Thanks,
> Jeremy
>
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|