 |
 |
@olifre @bbockelm Gentleman and all other interested parties. Release deadlines are fast approaching and our options are slowly dwindling. The one thing that is becoming very clear is that providing crl refresh for older OpenSSL versions is going to be more difficult that one would have hoped. The upshot is that we can easily provide refresh for RH7 and above but not for vanilla RH6. The argument could be made that this is OK since RH6 sites should have installed more recent versions of OpenSSL due to numerous security issues present in the default install. Furthermore, these sites are few and they never had crl refresh before so perhaps they can continue without. Who knows, maybe all their servers are running RH7 and it's only their their batch farms, which make the matter moot. I am sympathetic to both of these arguments. I would rather not hold up this feature due to a few sites that already have severe security issues anyway. Well, that's my feeling at the moment. I would like all of your opinions whether to take this approach or not. If we do, we could have something in short order, perhaps even for 4.12.0 with a possible back port. Otherwise, it looks like at least a 3 week delay. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/750#issuecomment-618059723 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1