Source: gridengine
Severity: wishlist
Tags: security

I've worked on packaging for SGE to address problems with the current version and to support (pre-release) SGE 8.1.3, though it will work with 8.1.2 with minor changes. The sge source <https://arc.liv.ac.uk/trac/SGE/browser/sge> now has simple packaging for installing into /opt/sge, but this is different.

There's a separate packaging repo at <https://arc.liv.ac.uk/trac/SGE/browser/gridengine.debian> based on the current Debian version, which will work with the latest snapshot <http://arc.liv.ac.uk/downloads/SGE/snapshots/>. There are git and hg repos in http://arc.liv.ac.uk/repos/{git,hg}/gridengine.debian.

I'm sure there are problems with it -- let me know and I'll try to look into them. I don't properly understand current Debian packaging and the specifics of the gridengine stuff, and I simplified it by punting to dh defaults. I also may not have got conflicts/breaks right for the bits I moved around.

It solves real problems with the current packaging (such as not shipping important parts), and there are hundreds of improvements over 6.2u5 in the base.

I've tagged this security as this version:

* allows installing in CSP mode;
* changes the default configuration to avoid remote root without CSP, assuming a separate qmaster <http://arc.liv.ac.uk/SGE/howto/sge-security.html>;
* fixes problems with sgepasswd (now included) which weren't addressed by 6.2u5-7.1 changes;
* avoids the remote startup part of the CVE that the bogus 6.2u5-7.1 change didn't get right.

The major incompatibility is that the remote startup is changed to the default (builtin) so that tight integration (control and accounting) works. If you really want to use ssh by default, the configuration should install the PAM module in a suitable way on execution hosts.

It's possible to upgrade in place from 6.2u5, but there's no mechanism in the packaging for supervising that by shutting down execds and ensuring everything starts back up on a consistent version.

HTH.