Custom Query (196 matches)
Results (34 - 36 of 196)
Ticket | Owner | Reporter | Resolution | Summary |
---|---|---|---|---|
#341 | adehnert | duplicate | Keep updated our supported autoinstallers | |
Description |
We currently have several autoinstallers that aren't up-to-date with their upstream. We should keep them updated. Some options include:
|
|||
#371 | achernya | fixed | SMTP should be checked on a realserver properly | |
Description |
Currently, the directors check port 25 on each machine to see if postfix is running. This is bad, since it means we can't nolvs a machine and prevent it from also handling mail. Mitch wrote patches a few years ago that use the nagios ldap check and provide the smtp service that heartbeat can ping. This allows us to nolvs a machine and have it drop out of all services, meaning we can temporarily take a wedged machine out of the pool for debugging. |
|||
#400 | andersk | fixed | SHA-1 certificates from mitcert since 2013 will be degraded by Chrome | |
Description |
davidben points out that Chrome will be degrading SHA-1 certificates valid past 2016-01-01:
This seems to include all certificates that mitcert/InCommon has issued (and continues to issue!) since 2013-01-01, since they have a three year expiration date. So we’re going to need to replace all these certificates soon. This might also be a good excuse to move to a 2048-bit private key (because a 4096-bit certificate signed by 2048-bit CAs provides no security benefit and is noticeably slower). |