I would still suggest that vulnerabilities (at least critical) should be patched a.s.a.p. and do not suggest waiting 3 days.
If a site patches a critical straight away, even if it results in downtime, that should not count against them. In fact it is what is preferred.
Linda.
> -----Original Message-----
> From: Peter Solagna [mailto:[log in to unmask]]
> Sent: 16 May 2017 14:07
> To: Cornwall, Linda (STFC,RAL,PPD)
> Cc: [log in to unmask]
> Subject: Re: [Noc-managers] Downtime declaration proposals
>
> Hi Linda,
>
> discussing with WLCG we considered a new proposal of 3 days (rather than 5)
> notice. I think that this would be better, and compatible with the vulnerabilities
> handling, what is your opinion?
>
> Peter
>
> On 16 May 2017 at 14:22, <[log in to unmask]> wrote:
> > Dear NGI Operations Managers,
> >
> > A comment from the meeting on 4th May, on downtime declaration.
> >
> > https://indico.egi.eu/indico/event/3237/contribution/4/material/slides
> > /0.pdf
> >
> > On slide 5, as I commented at the time but isn't in the minutes, where it says
> people have 7 days to act on a critical vulnerability is nonsense. People should
> act a.s.a.p. The idea is to fix as fast as possible, not wait 5 days! The 7 days is if
> you don't do something by then you might get suspended.
> >
> > In my opinion any downtime to act on a request from the security team should
> not count against sites as they are doing the right thing.
> >
> > Also giving 5 days notice for short interventions is probably a bad idea.
> >
> > Linda.
> >
> >
> >
> > ------------------------------------------------------------------
> > Dr Linda Cornwall,
> > Particle Physics Department,
> > STFC Rutherford Appleton Laboratory,
> > Harwell Campus,
> > DIDCOT, OX11 OQX,
> > United Kingdom
> >
> > E-mail [log in to unmask]
> > Tel. +44 (0) 1235 44 6138
> > Skype linda.ann.cornwall
> >
> >
> >
> > _______________________________________________
> > Noc-managers mailing list
> > [log in to unmask]
> > https://mailman.egi.eu/mailman/listinfo/noc-managers
>
>
>
> --
> Peter Solagna
> EGI Foundation - Senior Operations Manager
> email: [log in to unmask]
> skype: peter.solagna.egi
> Mobile: +31(0)630373070
|