From: David Groep <info(a)eugridpma.org>
Date: Wed, 5 Oct 2016 11:30:00 +0200
Subject: Updated IGTF distribution 1.78 - improved APT support
Dear CAs, Relying Parties, Users, and all others interested,
In this announcement of the IGTF:
1. Updated IGTF distribution version 1.78 available
(fast-track update release)
2. Tech preview: fetch-crl retrieval tool with post-execution scripting
============================================================================
1. Updated IGTF distribution version 1.78 available
============================================================================
A new distribution of Accredited Authorities by the Interoperable Global
Trust Federation, based on the IGTF Common Source, is now available. It
includes the newly accredited Authorities and retires expiring trust
anchors.
This release has been fast-tracked to resolve issues with recent version of
Debian packaging tools, and to forestall potential monitoring issues related
to expired trust anchors.
This is version 1.78 release 1 and it is now available for download from
the Repository (and mirrors) at
https://dist.igtf.net/distribution/igtf/current/
Changes from 1.77 to 1.78
-------------------------
(5 October 2016)
* Removed superseded INFN-CA-2006 CA (IT)
* Updated Debian packaging to support APT security improvements
Next Release
------------
Releases are usually done on the last Monday of the month, only when
the trust anchor distribution has been updated substantially. The
currently-estimated next release date of the distribution is at the
end of October 2016.
=========================================================================
2. Tech preview: fetch-crl retrieval tool with post-execution scripting
=========================================================================
In selected deployment, services need to be restarted or reloaded once
the CRLs have been updated in trust anchor directory, so that the freshly
downloaded revocation information becomes effective. Other services only
refresh revocation information periodically.
A generic mechanism is about to be added to the fetch-crl tool, allowing
users of this tool to trigger their own scripts and service restarts
after fetch-crl has completed its work and updated all CRLs, as well as
after each individual CRL update.
A technology preview of this fetch-crl version (3.0.18) is now available
as a tar-ball and architecture-independent RPM package:
https://dl.igtf.net/distribution/tests/fetch-crl3/
and the author welcomes your comments on this version as well as any bug
reports and regressions. Documentation for the new features ("postexec")
is available online at
https://dl.igtf.net/distribution/tests/fetch-crl3/README.txt
and will be included in the on-line documentation on release.
=========================================================================
REPEATED NOTICES
=========================================================================
Use in coordinated-deployment infrastructures
---------------------------------------------
If you are part of a coordinated-deployment infrastructure (e.g. a national
or regional e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI or others) you may
want to await their announcement before installing the release. They could
include localised adaptations. For reference we include the links below:
PRACE-RI https://winnetou.surfsara.nl/prace/certs/
EGI https://wiki.egi.eu/wiki/EGI_IGTF_Release
wLCG https://lcg-ca.web.cern.ch
Open Science Grid https://software.grid.iu.edu/cadist/
Not all IGTF releases are necessarily accompanied by a infrastructure-specific
release. If the changes in the IGTF distribution do not materially impact the
distribution of the relying party, no associated release may be done, nor is
there a reason to update such a distribution.
Supplementary download locations
--------------------------------
The download repository is also mirrored by the APGridPMA at
https://www.apgridpma.org/distribution/igtf/
and by the EUGridPMA at
https://dist.eugridpma.info/distribution/igtf/
Where possible validate trust anchors with the GEANT TACAR Repository
https://www.tacar.org/
About this news letter
----------------------
This newsletter carries IGTF information intended for relying parties.
For more information about this newsletter and how to subscribe, refer
to the EUGridPMA web site at https://www.eugridpma.org/
+-----------------------------------------------------------------------+
| For information on the IGTF Distribution, how to use it and what is |
| contains, please read the information at |
| https://dist.igtf.net/distribution/igtf/README.txt |
| |
| This file contains important information for new users and should be |
| read before installing this Distribution. |
+-----------------------------------------------------------------------+
If you have suggestions or improvements for the distribution format,
to have it better suit your needs, please contact the EUGridPMA PMA at
<info(a)eugridpma.org> or your Regional Policy Management Authority. See
the IGTF web site (www.igtf.net) for further information.
--
David Groep
** Nikhef, Dutch National Institute for Subatomic Physics, PDP/ACR group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
** New PGP key: 0x308E076A FP: 2facebea12803ba145685a21d80134c2308e076a **
