diff --git a/docs/projects/sha2-support.md b/docs/projects/sha2-support.md index 422a26396c..c78c56e272 100644 --- a/docs/projects/sha2-support.md +++ b/docs/projects/sha2-support.md @@ -3,7 +3,7 @@ SHA-2 Compliance When a certificate authority signs a certificate, it uses one of several possible hash algorithms. Historically, the most popular algorithms were MD5 (now retired due to security issues) and the SHA-1 family. -SHA-1 certificates are being phased out due to perceived weaknesses — as of February 2017, a practical attack for generating collisions was demonstrated by [Google researchers](https://shattered.io/static/shattered.pdf). +SHA-1 certificates are being phased out due to perceived weaknesses — as of February 2017, a practical attack for generating collisions was demonstrated by Google researchers. These days, the preferred hash algorithm family is SHA-2. The certificate authorities (CAs), which issue host and user certificates used widely in the OSG, defaulted to SHA-2-based certificates on 1 October 2013; all sites will need to make sure that their software supports certificates using the SHA-2 algorithms. All supported OSG releases support SHA-2. diff --git a/docs/software/ospool-containers.md b/docs/software/ospool-containers.md index 513ed72ea0..cca80b6c8f 100644 --- a/docs/software/ospool-containers.md +++ b/docs/software/ospool-containers.md @@ -51,7 +51,7 @@ then it runs the actual user payload job in Singularity (or Apptainer). PID namespaces are a key technology that enables containers to isolate from each other. See, for example, -[this Ubuntu copy of the man page](https://manpages.ubuntu.com/manpages/lunar/en/man7/pid_namespaces.7.html) +[this Ubuntu copy of the man page](https://manpages.ubuntu.com/manpages/resolute/en/man7/pid_namespaces.7.html) for `pid_namespaces`. The `root` user always has the ability to create PID namespaces, so a privileged container runtime (i.e., not unprivileged Singularity) can always do this. diff --git a/docs/software/requesting-tokens.md b/docs/software/requesting-tokens.md index 4ac20a55a3..89a311261f 100644 --- a/docs/software/requesting-tokens.md +++ b/docs/software/requesting-tokens.md @@ -3,7 +3,7 @@ How to Request Tokens As part of the [GridFTP and GSI migration](../policy/gridftp-gsi-migration.md), the OSG will be transitioning authentication away from X.509 certificates to the use of bearer tokens such as [SciTokens](http://scitokens.org/) or -[WLCG JWT](https://twiki.cern.ch/twiki/bin/view/LCG/WLCGAuthorizationWG). +[WLCG JWT](https://zenodo.org/records/17937372). This document is intended as a guide for OSG developers for requesting tokens necessary for software development. ## Before Starting