Hi Winnie,
Our plan is to (a) wait for more uk WMSs to be fixed and (b) wait for
the patch to show up in SL6. Once that's done, I'll patch all our
systems in one go.
There must be a way to prohibit yum from updating a particular
package - maybe there's a list or something? Anyway,
think about suppressing the automatic stuff until the time
is right.
Cheers,
Steve
On 01/09/2014 09:45 AM, Winnie Lacesso wrote:
> Dear All,
>
> Am quite concerned about rollout & elsewhere discussion that an upcoming
> openssl update "breaks" proxies (512 vs 1024) or whatever.
>
> According to RHEL, it's on the way
> https://rhn.redhat.com/errata/RHSA-2014-0015.html
> This means it should be available for SL very soon.
>
> On rollout there's discussion of, well to fix the problem update cream
> with this package from epel or emi repos, blah blah. Our site has all
> those repos disabled to go along with the "WE STRONGLY RECOMMEND NOT TO
> USE AUTOMATIC UPDATE PROCEDURE OF ANY KIND" policy. But sl-security
> updates generally *are* automatically applied.
>
> So if this sl-security openssl upcoming update will break *anything*
> (bcs alas our site has very low support) the openssl update maybe
> should be blocked for now till a very very clear+easy path to fixing
> any fallout whatsoever, is documented.
>
> And I think that block should be done real soon like today.
>
> Advice most welcome!
>
> Winnie Lacesso / 55% HPC Storage Admin, 20% Particle Physics, 25% SysOps
> HH Wills Physics Laboratory, Tyndall Avenue, Bristol, BS8 1TL, UK
> University of Bristol
--
Steve Jones [log in to unmask]
System Administrator office: 220
High Energy Physics Division tel (int): 42334
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
University of Liverpool http://www.liv.ac.uk/physics/hep/
|