Certificate Management stuff
Ivan R. Judson
judson at mcs.anl.gov
Wed Jan 28 13:38:50 CST 2004
> -----Original Message-----
> From: Robert Olson [mailto:olson at mcs.anl.gov]
> Sent: Wednesday, January 28, 2004 1:25 PM
> To: judson at mcs.anl.gov
> Cc: ag-dev at mcs.anl.gov
> Subject: RE: Certificate Management stuff
>
>
> >There are solutions to the "certificate on every machine" that can
> >alleviate the problem without doing the online ca thing, right? What
> >are those solutions? Have you looked at what's already
> available in the
> >pyGlobus MyProxy interfaces?
>
> Either solution would require similar up-front
> infrastructure, involving determing which (online CA / my
> proxy server / what login name), to use for a given
> connection to a server.
Makes sense.
> >I guess all I'm saying is there is a lot of discussion that needs to
> >happen, discussion before cvs commits is always good,
> especially when
> >it's used to gain support for your development plans. That
> one of the
> >main points of having the AGEP process, we need to convince
> each other,
> >during that process many opportunities for improving our
> plans may be
> >exposed. I'm not against your plan, just want to make sure it's the
> >best one before I can say, "yeah, that's the way to go."
>
> The point is that I'm not yet convinced myself of how this
> needs to be done, and need to do the groundwork to determine
> it. I want to do this groundwork before we do a major release
> so that we don't get nailed for having missed some piece of
> underlayment that was required but would be more work than we
> want to put into a minor release later on.
If *you* aren't convinced yet then I'm really skeptical that the code should
be put in cvs. If it's proof of concept or trying to figure it out, make a
branch. Then it won't taint the trunk which should not be exploratory code.
> > > Like I said; the first set of changes is largely in place already
> > > but we need to get newer pyGlobus (with the exceptions
> support) in
> > > place for people or it will break; I'd rather not add
> code to handle
> > > both old and new pyGLobus.
> >
> >This is something Matt is working on, right? Are you keeping
> in synch
> >with him so this enables you as quickly as possible?
>
> I'm enabled :-) it's the rest of the group that would get
> hit. I'm assuming since I've not heard otherwise that he's
> seen the changes (since I sent them out on the topic earlier)
> and he'll drop by with questions as they occur. I'll give him
> a poke too.
Thanks for actively chasing this with Matt; it's important that *everyone*
be enabled as soon as we can so we can do our testing and packaging without
any snafus.
--Ivna
More information about the ag-dev
mailing list