Difference between revisions of "5.1.1.4 Process to record and react to the availability of new security updates based on a risk-benefit assessment"

From CLOCKSS Trusted Digital Repository Documents
(Created page with "== 5.1.1.3 - The repository shall have effective mechanisms to detect bit corruption or loss. == Both the network of CLOCKSS ingest machines and ...")
 
(Fix cut/paste error)
 
Line 1: Line 1:
== 5.1.1.3 - The repository shall have effective mechanisms to detect bit corruption or loss. ==
+
== 5.1.1.4 - The repository shall have a process to record and react to the availability of new security updates based on a risk-benefit assessment. ==
  
Both the [[CLOCKSS: Ingest Pipeline|network of CLOCKSS ingest machines]] and the [[CLOCKSS: Box Operations|network of CLOCKSS boxes]] use the [[LOCKSS: Polling and Repair Protocol]] to detect and repair corruption or loss of their content.
+
Each CLOCKSS box's operating system is [[CLOCKSS: Box Operations|maintained current with the CentOS repositories]]. The LOCKSS team does not believe that it is a better position to decide whether security fixes to the operating system should be installed than the O/S support system. Some CLOCKSS boxes update automatically from these repositories within 24 hours, some require administrator intervention. This mitigates the risk that an erroneous update from CentOS would impact all CLOCKSS boxes almost simultaneously.
 +
 
 +
The process by which security requirements for the the LOCKSS software are developed and addressed is described in [[LOCKSS: Software Development Process]]. Once a security enhancement for the LOCKSS daemon is released, all CLOCKSS boxes install it automatically within 24 hours.
  
 
=== Relevant Documents ===
 
=== Relevant Documents ===
# [http://dx.doi.org/10.1145/1047915.1047917 LOCKSS: A Peer-to-Peer Digital Preservation System]
 
# [[CLOCKSS: Ingest Pipeline]]
 
 
# [[CLOCKSS: Box Operations]]
 
# [[CLOCKSS: Box Operations]]
# [[LOCKSS: Polling and Repair Protocol]]
+
# [[CLOCKSS: Logging and Records]]
 +
# [[LOCKSS: Software Development Process]]
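
Review bot: The added body text for 5.1.1.4 covers how updates are installed but not how their availability is recorded, which the criterion heading requires, and the newly listed [[CLOCKSS: Logging and Records]] is never referenced from the two added paragraphs. Add a sentence stating where operating system and LOCKSS daemon updates are recorded, and link it to that document. In the same paragraphs, "it is a better position" is missing "in", and "the the LOCKSS software" repeats "the".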

Latest revision as of 03:36, 8 October 2013

5.1.1.4 - The repository shall have a process to record and react to the availability of new security updates based on a risk-benefit assessment.

Each CLOCKSS box's operating system is kept current with the CentOS repositories. The LOCKSS team does not believe that it is in a better position than the O/S support system to decide whether security fixes to the operating system should be installed. Some CLOCKSS boxes update automatically from these repositories within 24 hours; others require administrator intervention. This mix of update schedules mitigates the risk that an erroneous update from CentOS would impact all CLOCKSS boxes almost simultaneously.

The process by which security requirements for the LOCKSS software are developed and addressed is described in LOCKSS: Software Development Process. Once a security enhancement for the LOCKSS daemon is released, all CLOCKSS boxes install it automatically within 24 hours.

Relevant Documents

  1. CLOCKSS: Box Operations
  2. CLOCKSS: Logging and Records
  3. LOCKSS: Software Development Process