Advanced Computing for Research at EGI: Where Information Goes and Plans for the Future
Explore the infrastructure of EGI Foundation funded by the European Commission under the H2020 Programme. This content delves into the location of critical information on EGI Wiki, current and future spaces for advisories, and the handling of vulnerabilities. Discover the essential guidelines for maintaining advisories and ensuring collaborative editing access for SVG members. Stay updated on public pages and resources related to EGI's computing research endeavors.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
EGI: Advanced Computing for Research www.egi.eu @EGI_eInfra SVG Where we fit in And what we need to fix Linda Cornwall RAL/STFC/UKRI The work of the EGI Foundation is partly funded by the European Commission under H2020 Framework Programme
SVG This talk NOT going into detailed procedure Focus on Where information goes Scope Plans www.egi.eu @EGI_eInfra 2 21/03/2025
Location of information Current EGI wiki -deprecated https://wiki.egi.eu/wiki/SVG:SVG A lot of our info is here even if not very up to date Don t want to lose it Need a public SVG area for whatever replaces it o Confluence? Update gradually while moving to whatever replaces it? Or is this info going to be moved to the replacement for us? Currently Advisories are on the EGI Wiki in the SVG area Need to be kept available in some way www.egi.eu @EGI_eInfra 3 21/03/2025
Location of information EOSC-hub confluence The EOSC-hub project has ended. This space is READ ONLY Includes the procedure ISM2 Software Vulnerability Handling Procedure https://confluence.egi.eu/pages/viewpage.action?spaceKey=EOSC&title=ISM2+Softwa re+Vulnerability+Handling+Procedure# And lots of other ISM stuff Will need somewhere for this to go, as we evolve it. o Again, we don t want to lose what we have, much needs changing/updating but would be silly to start from scratch Most SVG stuff may be more EGI ACE (e.g. vulnerability handing in EGI) rather than EOSC future. www.egi.eu @EGI_eInfra 4 21/03/2025
Location of information EGI SVG private confluence Hopefully we can keep this, a lot of our info on scope of SVG and evolution is there We should utilize it more www.egi.eu @EGI_eInfra 5 21/03/2025
Location of information CSIRT public page https://csirt.egi.eu/ Pointers to our advisories, some info on vulnerabilities which we haven t issued an advisory on www.egi.eu @EGI_eInfra 6 21/03/2025
Where should advisories go? I have no ideology concerning where they go, My only essential non-negotiable requirements are:-- 1. Old should be kept, and kept public o Occasionally an old one pops up o Record of our work for the last decade o Still have the pre-EGI ones https://archive.gridpp.ac.uk/gsvg/advisories/ 2. A number of SVG members (pref e.g. SVG-RAT, other SSO) should be able to edit o No use if only 1 or 2 people can edit CSIRT web page not suitable only Barbara can edit www.egi.eu @EGI_eInfra 7 21/03/2025
Scope of SVG At least for now Discussed scope last year EGI UMD and EGI CMD Relevant Linux OS distributions, including RedHat Enterprise Linux (RHEL), CentOS, Extra Packages for Enterprise Linux (EPEL). Other software we (the RAT) know is used on the infrastructure and possibly affected by security concerns (e.g. Singularity). Other relevant software in widespread use in EGI, covered by Deployment Expert Group (DEG). Noting that scope even within EGI depends on participation in DEG, due to proliferation of software and service types. www.egi.eu @EGI_eInfra 8 21/03/2025
SVG evolution And getting DEG going I want to give this a try and see rather than try and get it perfect At least on scope on previous slide and DEG procedure we already have www.egi.eu @EGI_eInfra 9 21/03/2025
More on scope less obvious . Hub Portfolio https://wiki.eosc- hub.eu/pages/viewpage.action?spaceKey=EOSC&title=The+Hub+portfolio This could be part of EOSC future? This was said to be in scope for EOSC-hub EUDAT Centrally operated services EOSC catalogue NOT in basic scope (300 services) www.egi.eu @EGI_eInfra 10 21/03/2025
EOSC catalogue + other things not in scope Good practice in conjunction with new WISE working group. For selecting software, updated criteria similar to https://wiki.egi.eu/wiki/SVG:Software_Security_Checklist should revise Patching Having means of reporting and handling vulnerabilities in software o Especially software developed by the project . Another possibility is for vulnerabilities which are announced (e.g. in Linux) have patching dependent on CVSS score + our mitigating/aggravating circumstances Possibility of some joining SVG-RAT, or DEG if want wider collaboration on vulnerabilities with services in catalogue. www.egi.eu @EGI_eInfra 11 21/03/2025
EGI conference Plan to submit an abstract for a short talk Saying we have been handling vulnerabilities for EGI and its predecessors for 15 years, will describe basic procedure, how we are evolving for new challenges etc. Unless SVG can be part of a more general security submission By October hope to have more details, plenty to say www.egi.eu @EGI_eInfra 12 21/03/2025
Comments, questions, discussion? ??? www.egi.eu @EGI_eInfra 13 21/03/2025
