I am curious about the plans for upgrading the IdPs we deployed in eI4Africa and replicating with the DevOps ansible playbooks.
Now there is a new version, the Shib v2.4 IdP we use will be supported only up to July 2016. Excerpt from announcement below.
I see 2 options -
- Move new installations to v3 or
- Define upgrade path with similar timelines so we are ready and have migrated allv2 to v3 come July 2016.
It would be great to be clear about this and how we transition in Sci-GAIA as the EoL is within the project's lifetime.
The compromise reached was for a staged EOL process, ending on July 31, 2016. Excer
The full timeline follows:
All security bugs and severe non-security bugs addressed until Dec 31, 2015.
Moderate security bugs addressed until Feb 29, 2016.
Important security bugs addressed until May 31, 2016.
Critical security bugs addressed until July 31, 2016 (full EOL).
While these are ultimately somewhat subjective criteria, the following are our working definitions:
A "severe" bug, outside of the security domain,
would be something that materially affects one's ability to keep running
the software on supported platforms and Java releases. For example, a
bug preventing use on Java 8 or a supported Tomcat or Jetty container.
Security bugs would be triaged using the usual scale used with CVE advisories and tend to fall into categories such as:
o Critical - remote exploits or data exposure issues
o Important - unauthenticated denial of service issues
o Moderate - authenticated denial of service issues