Note: This web site is only kept up to date for OSG Software 1.2 (VDT 2.0.0). If you are looking for information for the most recent release, the RPM-based OSG Software 3.0, please see the OSG documentation web site

VDT Office Hours 14 September 2006


Recent Security Updates

The VDT team has been working on minor fixes for the recent security updates. This fixes are more about the deployment procedures and not the actual updated files and packages. There will be an updated version of the Globus-Security-Update-1 package out later today that contains a small patch. The reason for these recent updates are because we have discovered problems with how the packages are overlaid in already deployed VDT installations.

Wayne brought up the point that it was difficult to figure out how to make all the changes at once (after a week of the patches being released), rather than updating piece by piece as the VDT team releases them. At this point, if someone has not yet taken the updates, they just need to install the update package (Globus-Security-Update-1 and VOMS-Security-Update-1) and can ignore the "how to fix" messages.

Alain commented that the there are separate security update packages for Globus and VOMS because although they correct the same problem, the two packages are based on different code bases: one is in Globus, the other is in VOMS.

There was also a small discussion about ways to check that the patches were correctly applied. Tim has done extensive testing on grid-proxy-init and grid-proxy-info using strace to make sure that the files are indeed updated. There is no outwardly information that users can look for to make sure that updated code path is being executed.

Major Tasks Ahead

A top priority for the VDT team in the upcoming months will be to make it easier for users to upgrade VDT installations. We also plan to slightly revise our software release policy; in particular, we will change the frequency and type of releases. Details will be forthcoming soon.

Cert scripts

Doug Olson provides the VDT with utility scripts for certificates (called the PPDG-Cert-Scripts package, though we should probably update that name). The package currently contains both scripts and a list of acceptable OSG VOs. This should be split into two packages, so that the list of acceptable OSG VOs can be updated independently. Doug and Alain will discuss this and will make it happen.