I have already done that with cc also to ukngi-security. I'm surprised
both you and Linda didn't get this or Chris who was explictiely cc'd.
cheers
alessandra
On 10/01/2018 10:15, David Crooks wrote:
> Hi,
>
> Let’s move this specific discussion to [log in to unmask] since we’re discussing site configurations and tb-support is publically archived.
>
> Cheers
> David
>
> On 10/01/2018, 10:03, "Testbed Support for GridPP member institutes on behalf of sjones" <[log in to unmask] on behalf of [log in to unmask]> wrote:
>
> Hi Chris,
>
> On 2018-01-10 09:43, Chris Brew wrote:
> > However, what I’m now more concerned about is the WLCG yesterday and
> > the microcode checker availability script linked. According to the
> > mail and the script, updated microcode is only available for our
> > latest generation of CPUs and everything we bought before our 2016
> > purchase is still vulnerable to CVE-2017-5715 until the software fix
> > is available (in a few weeks).
>
> There may be new microcode for older systems in the pipeline.
>
> > Until the “retpolines” fix is available, it looks like we need to put
> > about 80% of our cluster offline, is that what other sites are doing?
>
> It's useless have a secure system that is turned off - one may as well
> have no system. It might be slightly useful to have an insecure system
> that is turned on?
>
> So I'm leaving it on until either a) we get new microcode for the older
> systems or b) my paranoia get the better of me.
>
> Anybody got a better idea?
>
> Cheers,
>
> Ste
>
>
--
Respect is a rational process. \\//
Fatti non foste a viver come bruti, ma per seguir virtute e canoscenza(Dante)
For Ur-Fascism, disagreement is treason. (U. Eco)
But but but her emails... covfefe!
|