Alastair, Carol, Ian
These were accepted.
The shutting down (or rather, non-reinstatement) of the condor service should probably be at least notified to CSG.
Deferred to mid-May, as the next TC meeting will be 15th June.
It was suggested that an additional layer of security could be added by configuring the ssh daemon with a restricted set of allowed shell commands. To be added to the services-unit ToDo list.
Just US to do now.
Possible solution now in place, so over to RAT for testing.
Report from Computing Executive Group
Reports from units.
The question was raised as to whether this would be the same code as we use elsewhere. To be clarified. The main server room should still be locked (by key) out of hours.
How does the self-managed server room compare? Inf-unit will check and add to the wiki page. A blog entry was suggested.
It was suggested that this could go in by default for SL6.
A blog item discussing alternative browser options and issues was suggested.
It was thought odd that things froze with RAID1. Neil and Stephen will take a closer look.
Although it's sometimes useful to pile all (or at least most) COs onto some particular fileserver for test purposes, as a general rule we should be spread around so that we're not all affected by failures.
We could really do with a replacement AFS test server. This should be prioritised in the current spending round.
We should really be monitoring for the partition-going-read-only situation. The services unit will talk to Chris about getting something added to the hwmon framework.
It's thought that the bpbeast lockup might have been due to mismatched firmware.
Topics for discussion
We should publicise it more! Perhaps a link from the "systems" main page? Perhaps a poster? US to organise. Definitely in sys-announce messages.
It would be expedient to consider it world-readable, and so not put any current exploit information in it. OTOH it should definitely have entries on old exploits which we have fixed.
As a general rule, packages should be made noarch unless this definitely won't work. Beware of paths, 32/64-bit, and preprocessing!
The issue of sub-packages was raised. From F13 it's possible to mix and match within specfiles. This didn't apply before F13, where the first arch specification won, wherever it came in the specfile, which caused problems where the main package didn't have an explicit entry but some sub-package did.
As a general rule, resources are good and build-time substitutions aren't.
This is likely historical. Everyone else puts /usr/bin before /usr/sbin, so we should really change. RAT will sort the pathfix configuration, and write a blog entry.
The next meeting will be on Wednesday 27th April in room 4.31 chaired by George Ross.
Please contact us with any comments or corrections.
Unless explicitly stated otherwise, all material is copyright The University of Edinburgh