Metadata Distribution Subcommittee of TAC

["Cantor, Scott" <>]

On 10/16/13 11:14 AM, "Tom Scavo" 
<>
 wrote:

>Dean and I met earlier this week to discuss possible next steps with
>respect to the Phase 1 communication plan. We concluded that we need
>to deploy a new metadata aggregate *first*, before we send an
>announcement to site administrators, otherwise we won't be able to
>provide them with an immediate mitigating action and therefore the
>communication will just be cause for alarm without providing a
>possible path forward. I'd be interested in hearing if folks agree
>with this conclusion.

I do. Of course, it's not like something is breaking here (for most) so
it's no cause for panic, but I agree that communicating ahead of having
actual steps to take is not ideal.

>Assuming we do deploy a new metadata aggregate in conjunction with a
>new self-signed signing certificate, the next question is whether or
>not that new aggregate should also be signed using a SHA2-based
>algorithm. If we do, that will complicate the transition to the new
>metadata aggregate. If we don't, then users will end up migrating
>twice. The latter seems to take precedence, so I'd be inclined to
>deploy *one* aggregate with both features.

I would as well. Particularly in that I think very few people that
actually pay attention and change anything will be affected by SHA-2. Your
Red Hat 4 community or people running ancient versions of something are
going to overlap heavily with the community that will do nothing until
something breaks.

But I can see the argument for it being confusing, and I guess my fall
back suggestion has been that we need to establish a *practice* around
having a test aggregate that is production data but with changes like
this. Then these various changes are simply two among many that will occur
over time.

-- Scott