P. Larry Nelson wrote:
Hi,
I just received a "HIGH criticality" email from
[email protected] stating:
"Do NOT upgrade to OpenSSL 1.x. The new OpenSSL version breaks the
certificate authentication for OSG/VDT."
Not having my ear to the ground vis-a-vis openssl, does anyone know if
that version is due to be released soon? Will it come from TUV or
directly from openssl.org? (Troy/Connie question)
Right now, we have openssl-0.9.8e-12.el5_4.1.
I suppose the thing to do is to go and edit the yum.cron.excludes on
all our OSG nodes to block openssl* until this issue is fixed. [sigh...]
- Larry
Scientific Linux, and RHEL are enterprise linux distributions.
This means that they do *not* just update to the latest versions of
packages. RedHat and SL will *not* just update to the latest version of
openssl, just because it was released.
SL 4.0 had openssl 0.9.7a
SL 4.8 has openssl 0.9.7a
Thas is after five years, we still have the same version of openssl.
RedHat backports all the security fixes into the 0.9.7a version for
RHEL4 (and hense SL4).
SL 5.0 had openssl 0.9.8b
SL 5.4 has openssl 0.9.8e
After 3 years, SL5 is still at version 0.9.8, although we have moved
from b to e.
I cannot say for 100% certain, because we are not RedHat. But according
to all their policies, goals, statements and past history, they are not
going to move openssl above version 0.9.8 for RHEL 5 (and hense SL5)
Troy
--
__________________________________________________
Troy Dawson [email protected] (630)840-6468
Fermilab ComputingDivision/LSCS/CSI/USS Group
__________________________________________________
