Dear All,
I said I would follow up on why the SHA-2 alarms are raised as 'critical' rather than 'warning' given that the former means that we have no way of keeping things simple where we know that the endpoint is not a concern. I was aware that the upgrade was not mandatory but specifically (took an action and) asked within EGI about the alarm types and here is the response from Tiziana Ferrari:
"by returning WARNING none of the site administrators would be actively notified that they are running non SHA-2 compliant services.
At the last OMB we decided to not make the upgrade mandatory, but to still returning CRITICAL to have an active notification through a GGUS ticket and collect feedback about upgrade plans. This information will be analyzed at the end of August to understand how ready the infrastructure will likely be at the end of September.
Without collecting this information the risk is that WARNINGS will be completely neglected and we will be in September, close to the deadline, with an infrastructure that did not make any significant progress. The notifications started around mid July, which means approximately 2 months before the default start of issuing of SHA-2 certificates.
So to answer your question the upgrade is not mandatory, but the response to the ticket is (we specified a deadline)."
I recall the discussion about the non-mandatory nature of the updates but missed the argument that critical alarms are needed in order to ensure people take note. Whilst in the UK I'm sure we could have managed this with 'warning' notifications, this may not be the case across all of EGI. Given this and the fact it was agreed I am not currently inclined to request any change, though I appreciate that it is more frustrating than it needed to be. However I can be persuaded to feedback an amendment request if there are still widely supported and strong arguments in favour of such a request.
Following Kashif's observation, I would suggest if a service is to be upgraded to be SHA-2 compliant then the upgrade plan is added to the ticket and the ticket put on-hold. If the ticket refers to an entity that is not going to be upgraded then I would comment as such in the ticket and again put the ticket on-hold until the service is removed and then comment in and close the ticket.
Jeremy
On 23 Jul 2013, at 13:34, Alessandra Forti wrote:
> On 23/07/2013 13:33, Kashif Mohammad wrote:
>> Hi Jeremy
>>
>> I couldn't attend ops meeting today so I don't know that what was decided regarding SHA-2 tickets. If we close the ticket then alarm will come again in dashboard and it will get expire etc. We can also escalate this problem and ask MW nagios to send only warning ticket before October deadline.
> this sounds sensible.
>
>>
>> Cheers
>> Kashif
>> ________________________________________
>> From: Testbed Support for GridPP member institutes [[log in to unmask]] on behalf of Daniela Bauer [[log in to unmask]]
>> Sent: Tuesday, July 23, 2013 11:07 AM
>> To: [log in to unmask]
>> Subject: Re: Tickets for the 23rd of July
>>
>> Of course we'll end up with lots of red boxes on the dashboard again, as all these tickets will be over the 30 day limit.
>>
>> Sigh.
>>
>> Daniela
>>
>>
>> On 23 July 2013 10:56, Stephen Jones <[log in to unmask]<mailto:[log in to unmask]>> wrote:
>> On 07/23/2013 10:39 AM, Christopher J. Walker wrote:
>>
>> How are the "The powers that be" supposed to know that? Telepathy?
>>
>>
>> You can try telepathy - I use the operations meeting!
>>
>>
>> Steve
>>
>> --
>> Steve Jones [log in to unmask]<mailto:[log in to unmask]>
>> System Administrator office: 220
>> High Energy Physics Division tel (int): 42334
>> Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334<tel:%2B44%20%280%29151%20794%202334>
>> University of Liverpool http://www.liv.ac.uk/physics/hep/
>>
>>
>>
>> --
>> Sent from the pit of despair
>>
>> -----------------------------------------------------------
>> [log in to unmask]<mailto:[log in to unmask]>
>> HEP Group/Physics Dep
>> Imperial College
>> London, SW7 2BW
>> Tel: +44-(0)20-75947810
>> http://www.hep.ph.ic.ac.uk/~dbauer/
>
>
> --
> Facts aren't facts if they come from the wrong people. (Paul Krugman)
|