The VDT team is still collecting requirements from the community about what they would like to see in future versions of the VDT. The team has also already begun discussions with the OSG executive team about priorities. Alain Roy will send an updated priorities list out later this week. Abhishek is still volunteering to follow up with larger VOs to get their set of requirements. The due date for the requirements list is Monday, April 2nd.
Other recent changes include adding VOMS-RS to VDT 1.6.1 and the Condor-NSF-Lite manager. The VDT team has also begun exploring porting packages to AIX 5.2/5.3 and x86 Mac OSX 10.4.
Two exploits that affect the VDT have been recently announced. The first is a hole in Tomcat 5.0/5.5 that allows malicious users to construct clever URLs to view web pages that have restricted public access. The second problem is an exploit in MySQL-5. Neither of these bugs pose a serious threat to VDT users since very few installation sites use MySQL-5 or Tomcat-5.5. The only package in the VDT that uses MySQL-5 is Gratia-Services, which is only installed at the FermiLab and who deploy their Gratia installation without the VDT. Note that users who run the Gratia-Probes are not affected.
There is no planned upgrade fix for Tomcat-5.0, but one has been released for Tomcat-5.5. The VDT will provide documentation today on how to disable the exploitable feature in Tomcat-5.0. The VDT team will also use these security exploits as an opportunity to test its upgrade procedures so that they may be more prepared when a critical security exploit is announced in the future.
Several of the attendees had operational questions about the VDT: