> So you are defining your own procedure and sticking to it? And thus
My procedure concerns me and the sites I'm coordinating with whom I
discussed before hand what to do.
> requiring others to implement it. I think procedures should be agreed
> not imposed, or if they are imposed then by someone who has been given a
> mandate to impose.
I never impose anything in Northgrid. I can't in the first place but even
if I could I wouldn't do it.
> You also seem to be taking action that does not affect your own site as
> you have withdrawn from the grid for November for other reasons
If Manchester was up I would have applied the same. I don't put anybody on
the line if I'm not prepared to do the same. I'm afraid to say it is often
the opposite... I'm on the line when someone else should be there.
cheers
alessandra
>
>
> John
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes
>> [mailto:[log in to unmask]] On Behalf Of Alessandra Forti
>> Sent: 28 November 2005 12:17
>> To: [log in to unmask]
>> Subject: Re: Grid Security Advisory: R-GMA used to bypass
>> site firewall controls (fwd)
>>
>> Hi John,
>>
>> it might look excessive to you but I want an rpm and I want a
>> procedure for security patches. I'm afraid a recipe from the
>> developers posted on a mailing list that asks me to edit a
>> file is not what I want for the future.
>>
>> If we want security to be taken seriously we have to be
>> prepared to switch services off and the system has to be
>> quick to send out a proper patch.
>> It is unfortunate it is RGMA in the middle.
>>
>> I sent the same comments to the security contact mailing
>> list. I think I'll stick to a procedure for now. Even if it
>> is not there yet I think it is time to have it.
>>
>> thanks
>>
>> cheers
>> alessandra
>>
>
--
********************************************
* Dr Alessandra Forti *
* Technical Coordinator - NorthGrid Tier2 *
* http://www.hep.man.ac.uk/u/aforti *
********************************************
|