Dan asked about a VOMS bug that he first pointed out by email earlier this week. In a nutshell, OpenSSL changed from 0.9.6 to 0.9.7 and VOMS hasn't caught up with that change yet. In the Fermilab environment, it is triggered when someone tries to use a certificate from the Kerberized Certificate Authority (KCA). This has been a bug since day one, but only recently has it become a widespread issue, because many people have been using certificates from other, non-Kerberized CAs until now.
The VDT team reiterated that they would work with the VOMS developers to get the bug fixed ASAP. However, August is a traditional month of vacations in Italy (where the VOMS developers are), and it may be difficult getting a fix soon. At this time, we do not have any estimates from the Italian team. Once a patch is available, we will probably need to do a one-time special build of VOMS for Fermilab, because we may not be ready to release the version of the VDT that includes right away.
Also, it was noted that the latest version of VOMS has a slightly different database format. There is a script to upgrade the database to the new format, and there is also a compatibility mode for running the latest VOMS with the older database format. The latter approach seems most useful to Fermilab in the short term, because upgrading the VOMS database to the new format requires that other software packages be upgraded to work with it (notably VOMS Admin).
Vikram asked if the VDT team had built PRIMA against Globus Toolkit 4 yet; they have not. Vikram reported that he successfully built PRIMA against GT4, but that it crashes with a segmentation fault. The VDT team reported that they have successfully run a PRIMA built against GT3.2 under GT4. Nate offerred to try an NMI build of PRIMA against GT4.