Hi Christina,
On Thu, 2013-12-12 at 23:22 +0100, [log in to unmask] wrote:
> Until Monday sites could do:
> # yum downgrade openssl\*
> and will get the 1.0.0-27 from EMI third-party repository. With the
> condition that emi2/3-third-party reopsitories have the same priority as
> the sl-security repository (usually priority=1).
an alternative is to install yum-plugin-versionlock and then:
[root@lcg-cream ~]# cat /etc/yum/pluginconf.d/versionlock.list
0:openssl-devel-1.0.0-27.el6.x86_64
0:openssl-1.0.0-27.el6.x86_64
But this is a real mess - we are currently in the situation to either
run an insecure service or be unable to run the service at all! What
makes the situation even worse is that all the clients must update their
libgridsite to a version that creates at least 1024-bit proxies by
default (or did I understand this incorrectly?). Furthermore I currently
don't have a chance see which clients still delegate 512-bit proxies to
our cream instance to see how the situation improves over the next time.
Any advises to handle this situation?
Thanks,
Andreas
--
| Andreas Haupt | E-Mail: [log in to unmask]
| DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216
|