Today we released updates to VDT 1.3.9, 1.3.10 and 1.3.11 to address the recent Globus security vulnerability. More information
We worked hard to make it a reversible installation, in case anyone had problems with it.
Alan Sill asked if there was a low-volume vdt-announce mailing list that he could subscribe to instead of vdt-discuss. Alain said that in practice, vdt-discuss is low-volume because discussions are rare and announcements are rare. That said, we'll consider adding a vdt-announce mailing list.
David asked about OSG 0.5.0, which he is experimenting with. Does it contain the security fix. Rob Quick said that it has not yet been released, but when it is, it will be installed by default. John confirmed that the security fix has been in OSG 0.5.0 since 2:00pm yesterday.
Alain talked about the VDT team's goal to speed up future security update releases. Alan Sill suggested that we use a community model a bit more. Today, external people can't help much because VDT development is opaque. Alain said it was a good idea (but hard, for technical reasons) and we'll consider it.
Alain asked the Iowa folks abotu BDII. Do they recommend that we have it rely on MDS 2 underneath, or just query the scripts directly? LCG apparently has it rely on MDS 2 for the SE, but not the CE. This is because the BDII is often on a different computer than the SE. They recommend that we do not use MDS 2 at all, and we can deploy BDII/OpenLDAP on multiple computers if necessary. Alain will follow up with others in OSG to see if there is agreement on this.
Demand for VOMRS is growing. Alain and Tanya talked about it a bit. Alain will send Tanya software questionnaire to fill out, and she will send instructions on how to intall VOMRS, so we can investigate getting it into the VDT. VOMRS is mostly in Java and runs as a web service in Tomcat. There are some Python scripts for installation, and it relies on MySQL.
Alan asked about a few srmcp problems. The first is a Pacman problem with Pacman making an incorrect setup.sh file. Alain will work on Saul with this. The second is a problem with srmcp not using CA certificates if they are installed on NFS. Alain will follow up with Timur on this.
Alan Sill is interested in doing NFS-Lite for PBS: allowing the user's home directory not to be shared via NFS, by using some of PBS's abilities. He will talk to Alain and others about this at a later time.
An older ticket has not yet been resolved. It's from Burt and he considers it fairly low priority. The VDT team will coordinate with the VOMS folks to get it resolved. The problem is with permissions on the vomses file: voms-proxy-init seems to be a bit too strict. Burt disagrees with the strictness, but even if it's kept, he wants the error message changed to be more clear.
John Weigand has been pushing for an update to VDT 1.3.11 to fix the GUMS probe. As is, it can consume huge amounts of CPU. Alain dropped this while working on the security update, but promises to get back to it shortly.
Burt has a small patch to gums-host-cron to enable some static text to be appended to the grid3-vo-user-map. He will send it to Alain and to John Weigand. John wants to make sure that it gets into the GUMS code repository. Alain can get it into the VDT if there isn't a new release of GUMS soon.
Vikram wanted to know if he should rebuild PRIMA against a newer version of OpenSSL to address a recently announced security flaw. Alain referred him to the OSG security folks, because no one on the phone call was qualified to comment.