Hi David,

I understand your concerns - and, of course, the patch/update design
will have to provide a secure scheme. The basic idea that has been
wandering around my head recently would be to implement a "Check Updates"
that would allow the Node Manager to check for updates and allow it to
"download & apply" patches for the currently installed version.

For the offline CAs, we could implement a script that is capable of
working with retrieved patch files - that is: download the update file
on the online environment, transfer it to the CA and use the script
to apply the patch to the offline CA.

The best would also be to be able to roll-back the applied update.

In any case, I am not in favor of automatic updates without the
supervision of an operator - that might lead to issues that would
be very difficult to catch.

How does this sound?

Cheers,
Max


On 04/07/2010 05:20 AM, David O'Callaghan wrote:
> Hi Max,
>
> On 06/04/10 22:52, Massimiliano Pala wrote:
>> OpenCA-ers (all of you), what would you prefer?
>> - Fast patch (but multiple files involved, etc...)
>> - New version of OpenCA (released within the next month with the
>>   auto-update feature)?
>
> Not (yet) an active user of 1.1.0, but my CA will be running off-line,
> so on-line auto-update will not be useful for me (and I'd be concerned
> about the security implications).

_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
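
The offline-CA procedure sketched in the message above (retrieve the update file online, carry it to the CA, apply it with a script, keep a way to roll back) could look like the following. This is an added example, not code from the thread or from OpenCA. It assumes the update file is a tar archive and that its SHA-256 digest reaches the operator over a separate trusted channel; all function names and paths are hypothetical.

```shell
#!/bin/sh
# Added illustration, not OpenCA code. Assumptions: the update file is a tar
# archive, and its SHA-256 digest reaches the operator over a separate
# trusted channel. All function names and paths are hypothetical.

# verify_update FILE EXPECTED_SHA256
# Succeeds only if the transferred file matches the expected digest.
verify_update() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# rollback_update INSTALL_DIR BACKUP_DIR
# Restores the installation from the copy taken before the update.
rollback_update() {
    [ -d "$2" ] || return 1
    rm -rf "$1" && mkdir -p "$1" && cp -a "$2/." "$1/"
}

# apply_update FILE EXPECTED_SHA256 INSTALL_DIR BACKUP_DIR
# Verifies first, backs up second, extracts last; rolls back on failure.
apply_update() {
    verify_update "$1" "$2" || { echo "digest mismatch: not applied" >&2; return 1; }
    # Refuse archive members with absolute or '..' paths.
    if tar -tf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path: not applied" >&2; return 1
    fi
    rm -rf "$4" && mkdir -p "$4" && cp -a "$3/." "$4/" || return 1
    if ! tar -xf "$1" -C "$3"; then
        rollback_update "$3" "$4"
        return 1
    fi
}
```

The operator runs `apply_update` by hand on the offline machine, so nothing is applied without supervision, and `rollback_update` restores the pre-update tree from the backup directory.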