The VDT team has been working on minor fixes for the recent security updates. This fixes are more about the deployment procedures and not the actual updated files and packages. There will be an updated version of the Globus-Security-Update-1 package out later today that contains a small patch. The reason for these recent updates are because we have discovered problems with how the packages are overlaid in already deployed VDT installations.
Wayne brought up the point that it was difficult to figure out how to make all the changes at once (after a week of the patches being released), rather than updating piece by piece as the VDT team releases them. At this point, if someone has not yet taken the updates, they just need to install the update package (Globus-Security-Update-1 and VOMS-Security-Update-1) and can ignore the "how to fix" messages.
Alain commented that the there are separate security update packages for Globus and VOMS because although they correct the same problem, the two packages are based on different code bases: one is in Globus, the other is in VOMS.
There was also a small discussion about ways to check that the patches were
correctly applied. Tim has done extensive testing on grid-proxy-init
and grid-proxy-info using strace to make sure that the files are
indeed updated. There is no outwardly information that users can look for to make sure that
updated code path is being executed.
A top priority for the VDT team in the upcoming months will be to make it easier for users to upgrade VDT installations. We also plan to slightly revise our software release policy; in particular, we will change the frequency and type of releases. Details will be forthcoming soon.
Doug Olson provides the VDT with utility scripts for certificates (called the PPDG-Cert-Scripts package, though we should probably update that name). The package currently contains both scripts and a list of acceptable OSG VOs. This should be split into two packages, so that the list of acceptable OSG VOs can be updated independently. Doug and Alain will discuss this and will make it happen.