The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @

SVG:EGI MW Unit View


EGI MW Unit View

The majority of the Grid middleware deployed in the EGI infrastructure is released as part of the EGI Unified Middleware Distribution (UMD). Hence the EGI Middleware Unit, which distributes software in the UMD, will need to interact with the EGI SVG.

The EGI Middleware Unit will be alerted when a Risk Assessment is Complete

Representatives of the EGI Middleware Unit, as agreed with SVG, will be informed by e-mail after a Risk Assessment has taken place. The contacts have been agreed. The e-mail will include the Risk category and Target Date for resolution, and a link to the vulnerability in the EGI Request Tracker. These agreed contacts will be able to view this item in the Request Tracker.

The EGI Middleware Unit ensures the vulnerability is fixed in time for the Target Date

The EGI Middleware Unit and the software provider will need to co-ordinate to ensure that a new version of the software, with the vulnerability fixed, is available on or before the Target Date. This must be available for widespread deployment in the EGI infrastructure.

In some cases, such as when issues are categorized as High or Critical Risk, an emergency release may need to be made.

The EGI Middleware Unit informs SVG when about to release a version which fixes a vulnerability

The EGI Middleware Unit should inform SVG when they are about to make a release which fixes a vulnerability. The simplest way to do this is via the Request Tracker, by adding a comment to the item for the specific vulnerability. This allows SVG to complete the advisory as appropriate and refer to the release version.

The EGI Middleware Unit ensures the release notes refer to the advisory

The advisory should refer to the release, and the release notes should refer to the advisory.
