On Wed, Feb 08, 2012 at 06:47:45PM -0500, John David Anglin wrote:
> On 8-Feb-12, at 5:16 PM, Thibaut VARENE wrote:
>
> >On Wed, Feb 8, 2012 at 3:33 PM, dann frazier <dannf@xxxxxxxxx> wrote:
> >>As Paul noted[1], parisc-linux.org was running a vulnerable
> >>apache which got the attention of HP's security audit team. I've been
> >>doing most of the maintenance of the OS on this machine for a while,
> >>but that has just meant apt-get upgrading when cron-apt told me to for
> >>a few years. Turns out apache-ssl was obsolete (an etch version!), so
> >>no amount of upgrading was going to fix that.
> >>
> >>At this point I've removed apache-ssl. I tried installing apache2 to
> >>see if any web pages would magically work - it didn't, so right now
> >>the website is 404 farm :( I didn't spend much time trying to handle
> >>that since.....
> >>
> >>parisc-linux.org is running the last stable release of Debian that
> >>supported hppa ('lenny'), and its life is now expired. As such, I
> >>think we really need to migrate the site to another maintained
> >>distribution and/or architecture. I'm willing to help migrate services
> >>for the next month or so - let's just say 2012.03.14 for a good round
> >>(heh) date - after which I plan to halt this system and let HP know
> >>the hardware can be put to other uses. From what I can tell, we
> >>originally installed this system almost exactly 9 years ago - ah,
> >>remember its predecessor dsl2? Good times. Anyway -
> >>
> >>*************************************************************************
> >>*** If you need any data off this machine, now's the time to grab it! ***
> >>*************************************************************************
> >>
> >>If you'd like to take over longterm hosting the website/domain, please
> >>get in touch with taggart or I. If you'd like to continue using the
> >>machine and/or HP's network to do the hosting, I can probably find a
> >>contact for you there - though I wouldn't bet on it.
> >>
> >>In the meantime, if anyone wants to get the website working on apache2
> >>for the remainder of the system's lifetime, please let me know.
> >
> >Hi Dann,
> >
> >What's the status of @p-l.o email addresses? I'm receiving a fair bit
> >of email on this domain, and I think others do too, if we need to move
> >on elsewhere it'd be nice to have a little headstart... ;)
> >
> >Thanks
> >
> >T-Bone
>
> parisc-linux.org could be updated to unstable. As I have mentioned,
> I am working to restart an unstable buildd for parisc.

Yeah, I know this had started, but I haven't been keeping up with the
current status.

> The magnum machine in the ESIEE cluster is currently being updated for
> this purpose. It is currently running a 3.2.2 kernel and glibc 2.13-10.
> I intend to update it to 3.2.4 and glibc 2.13-26 this weekend.
> I have built a big hunk of unstable/
>
> As far as I can tell, the last kernel patch that I post to the @p-l.o
> list, resolves the SMP stability issues that have plagued parisc for
> years. I now have about six weeks running experience on rp3440s without
> a single random segmentation fault or hpmc. The machines have been
> running at load levels not previously possible. This is the result of
> many incremental fixes to the tool chain and the kernel.

Cool

> I have no objection to moving the site to another arch although there
> is some political benefit to having it run on parisc. I am willing to
> try to build apache2 from unstable.

Well, we have apache2 installed from lenny now - it just isn't serving
anything useful :)

> I believe it would be useful to keep the site going until we see if
> restarting buildd will fly or not given the current level of
> improvement.

I am supportive of the site continuing to self-host, and I realize
that means it needs to run devel bits. But, there's two separate
issues I see there.

 1) We need to bridge the gap between now and then. Even if we had a
    buildd online today, just grinding through the necessary backlog
    would take weeks.
 2) I won't have time to be the principal admin for a system running
    unstable. I'm happy to help here & there, and w/ whatever
    transition ends up happening, but things like manually
    patching/fixing kernels, monitoring security updates and how they
    impact our bits, etc. It's a lot of work just for managing a
    single host.

For 1) I think the right answer is to move services to a new
stable/secure host for the time being and shut the existing machine
down. We can retain the option of moving things back once the unstable
port is in full force. As a side benefit, such a migration should also
help get the existing services running w/ newer packages
(e.g. apache2) and allow us to cleanly transition services over w/
minimal downtime (demonstrate a working system first, then update DNS
records). Who knows how painful it will be to go from pre-lenny to sid
all at once.

2) can be solved by moving the domain to someone else's
infrastructure, or having a trusted volunteer to be the primary admin
for the system.