Hi all,

As I explained in my previous email, the Pakiti is not in production yet.
But it does not mean that OSCT could not use it, and it is only way for the
project to have some ideas of current patching status across all EGEE sites.


I was only very recently (about 2 weeks ago) authorized to access the Pakiti
server. And I believed that I also asked the developers to authorize both
Jeremy and Alessandra to access Pakiti server as well. 

As the result is encrypted, only authorized persons can read it. Even you
know its exist you can't access to it if you are not authorized. If there is
any problem associated with UK sites, people (means me, Jeremy and
Alessandra) from UK will follow it up. 

Cheers,

Mingchao

> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Alessandra Forti
> Sent: 29 September 2009 15:09
> To: [log in to unmask]
> Subject: Re: recent EGEE policy wrt kernel patching
> 
> Hi Dave,
> 
> it doesn't say it is in production and actively used. It says it is
> being setup without much detail.
> If  a server like pakiti is put into production, OSCT should
> send a formal email saying from this day this server is active and
> an explanation on how to use it so that sites can also verify their
> situation.
> 
> I might be wrong but I believe that if this sort of communication had
> been sent around
> this thread wouldn't have started.
> 
> cheers
> alessandra
> 
> 
> Kelsey, David (STFC,RAL,PPD) wrote:
> > Several of you on this list have stated that you have never heard of
> > this security monitoring activity.
> >
> > The EGEE security operations activity is organised on a regional basis.
> > As you all know, Mingchao Ma is our regional security officer.  I don't
> > know when Mingchao first talked about this to the UK community, but I do
> > know that this was covered in his talk to the UK HEP Sysman meeting on
> > 1st July 2009.
> >
> > See slides 13 and 14 in
> > http://hepwww.rl.ac.uk/sysman/June2009/talks/Day2/Security%20Update.ppt
> >
> > Dave K
> >
> > ------------------------------------------------
> > Dr David Kelsey
> > Particle Physics Department
> > Rutherford Appleton Laboratory
> > Chilton, DIDCOT, OX11 0QX, UK
> >
> > e-mail: [log in to unmask]
> > Tel: [+44](0)1235 445746 (direct)
> > Fax: [+44](0)1235 446733
> > ------------------------------------------------
> >
> >
> >
> > -----Original Message-----
> > From: Testbed Support for GridPP member institutes
> > [mailto:[log in to unmask]] On Behalf Of Simon George
> > Sent: 25 September 2009 14:04
> > To: [log in to unmask]
> > Subject: Re: recent EGEE policy wrt kernel patching
> >
> > Thanks for the link Pete. Maybe I missed something because this is the
> > first I have heard about it.
> >
> > So in my opinion, EGEE needs to improve communication about this.
> >
> > I think all site monitoring used to make decisions about sites should at
> > least be open to the sites themselves to ensure accuracy. Since I have
> > not heard anything about this until now, and still nothing officially
> > with a reference to the stats for my site, I think it would be
> > unreasonable to blacklist sites based on private and possibly wrong
> > information held about them. We all know how much effort we, the sites,
> > have to put into each new monitoring/accounting initiative to make sure
> > it is right before it can be used.
> >
> > Cheers,
> > Simon
> >
> > Peter Gronbech wrote:
> >
> >> This security testing has been talked about for some time and was run
> >> by Romain Wartels group.
> >> It basically ran a grid job at your site which did a rpm -qa and then
> >> compared that with what was expected for a system running that OS.
> >> http://indico.cern.ch/contributionDisplay.py?contribId=107&sessionId=1
> >> 37
> >> &confId=55893
> >> Shows an abstract and a Poster they presented about it at EGEE09 this
> >> week.
> >>
> >> I must admit I was surprised that they sent the email from the EGEE
> >> PMB saying sites that did not act would be de certified, but I think
> >> I'm in favour generally.
> >>
> >> I have no doubt that the data stored is being held in a responsible
> >>
> > way.
> >
> >> Cheers Pete
> >>
> >>
> 
> --
> Mindmelds. The last time I heard the words "my mind to your mind", I had a
> headache for two weeks. (Janeway, ST Voyager)
> 
> Northgrid Tier2 Technical Coordinator
> http://www.hep.manchester.ac.uk/computing/tier2