Subject: | |
From: | |
Reply To: | P. Larry Nelson |
Date: | Thu, 28 Jan 2010 14:15:42 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Hi Troy,
Troy Dawson wrote on 1/28/2010 1:55 PM:
> P. Larry Nelson wrote:
>> Hi,
>>
>> I just received a "HIGH criticality" email from
>> [log in to unmask] stating:
>>
>> "Do NOT upgrade to OpenSSL 1.x. The new OpenSSL version breaks the
>> certificate authentication for OSG/VDT."
>>
>> Not having my ear to the ground vis-a-vis openssl, does anyone know if
>> that version is due to be released soon? Will it come from TUV or
>> directly from openssl.org? (Troy/Connie question)
>>
>> Right now, we have openssl-0.9.8e-12.el5_4.1.
>>
>> I suppose the thing to do is to go and edit the yum.cron.excludes on
>> all our OSG nodes to block openssl* until this issue is fixed. [sigh...]
>>
>> - Larry
>>
>
> Scientific Linux, and RHEL are enterprise linux distributions.
> This means that they do *not* just update to the latest versions of
> packages. RedHat and SL will *not* just update to the latest version of
> openssl, just because it was released.
>
> SL 4.0 had openssl 0.9.7a
> SL 4.8 has openssl 0.9.7a
>
> Thas is after five years, we still have the same version of openssl.
> RedHat backports all the security fixes into the 0.9.7a version for
> RHEL4 (and hense SL4).
>
> SL 5.0 had openssl 0.9.8b
> SL 5.4 has openssl 0.9.8e
>
> After 3 years, SL5 is still at version 0.9.8, although we have moved
> from b to e.
> I cannot say for 100% certain, because we are not RedHat. But according
> to all their policies, goals, statements and past history, they are not
> going to move openssl above version 0.9.8 for RHEL 5 (and hense SL5)
>
> Troy
Thanks for the info and history lesson. I didn't know and didn't want
to assume. As far as I knew, openssl 1.x might have been a big hairy
deal security fix that was imminent.
- Larry
--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL | Physics Dept., Univ. of Ill.
MailTo:[log in to unmask] | http://www.roadkill.com/lnelson/
-------------------------------------------------------------------
"Information without accountability is just noise." - P.L. Nelson
|
|
|