Gentoo Archives: gentoo-commits

From: "Robert Buchholz (rbu)" <rbu@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en: padawans.xml
Date: Tue, 14 Apr 2009 00:59:18
Message-Id: E1LtWzc-0002Pj-Mn@stork.gentoo.org
1 rbu 09/04/14 00:59:16
2
3 Modified: padawans.xml
4 Log:
5 Add references to oss-security list and wiki, CVE ids and the SVN, plus add mabi.
6
7 Revision Changes Path
8 1.70 xml/htdocs/security/en/padawans.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/padawans.xml?rev=1.70&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/padawans.xml?rev=1.70&content-type=text/plain
12 diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/padawans.xml?r1=1.69&r2=1.70
13
14 Index: padawans.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/padawans.xml,v
17 retrieving revision 1.69
18 retrieving revision 1.70
19 diff -u -r1.69 -r1.70
20 --- padawans.xml 10 Mar 2009 10:52:51 -0000 1.69
21 +++ padawans.xml 14 Apr 2009 00:59:16 -0000 1.70
22 @@ -11,6 +11,9 @@
23 <author title="Author">
24 <mail link="falco@g.o">Raphael Marichez</mail>
25 </author>
26 +<author title="Author">
27 + <mail link="rbu@g.o">Robert Buchholz</mail>
28 +</author>
29
30 <abstract>
31 This document contains procedures applying to the security team
32 @@ -21,8 +24,8 @@
33 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
34 <license/>
35
36 -<version>0.3.7</version>
37 -<date>2008-10-03</date>
38 +<version>0.3.8</version>
39 +<date>2009-04-14</date>
40
41 <chapter>
42 <title>Security recruits</title>
43 @@ -33,7 +36,7 @@
44 <p>
45 The recruitment process for security developers is somewhat different from
46 the mainstream recruitment process. Knowledge of Gentoo specifics is not
47 -as important as it is for other developers, since they won't have commit
48 +as important as it is for other developers, since they don't need to have commit
49 rights to the Portage tree. On the other hand, they must have a good
50 security background, good knowledge of written English and must progressively
51 be given more responsibility.</p>
52 @@ -74,18 +77,24 @@
53 <ti>Apprentice</ti>
54 <ti>rbu</ti>
55 </tr>
56 -<tr>
57 +<!-- inactive, rbu 2009-04-14<tr>
58 <ti>Emanuele Gentili</ti>
59 <ti>emgent</ti>
60 <ti>Scout</ti>
61 <ti>none yet</ti>
62 -</tr>
63 +</tr>-->
64 <tr>
65 <ti>Lars Hartmann</ti>
66 <ti>psychoschlumpf</ti>
67 <ti>Apprentice</ti>
68 <ti>none yet</ti>
69 </tr>
70 +<tr>
71 +<ti>Matti Bickel</ti>
72 +<ti>mabi</ti>
73 +<ti>Apprentice</ti>
74 +<ti>none yet</ti>
75 +</tr>
76 <!-- inactive (vorlon 2008-07-04)
77 <tr>
78 <ti>Jule Slootbeek</ti>
79 @@ -136,7 +145,7 @@
80 First step in joining the team is to be a scout. You will have to
81 follow major security lists and websites (your choice) and submit bugs
82 for things that are not yet in the
83 -<uri link="http://tinyurl.com/3nyg7">current Security bugs</uri>.
84 +<uri link="https://bugs.gentoo.org/buglist.cgi?query_format=advanced&amp;short_desc_type=allwordssubstr&amp;short_desc=&amp;product=Gentoo+Security&amp;long_desc_type=allwordssubstr&amp;long_desc=&amp;bug_file_loc_type=allwordssubstr&amp;bug_file_loc=&amp;status_whiteboard_type=allwordssubstr&amp;status_whiteboard=&amp;keywords_type=allwords&amp;keywords=&amp;bug_status=UNCONFIRMED&amp;bug_status=NEW&amp;bug_status=ASSIGNED&amp;bug_status=REOPENED&amp;emailassigned_to1=1&amp;emailtype1=substring&amp;email1=&amp;emailassigned_to2=1&amp;emailreporter2=1&amp;emailcc2=1&amp;emailtype2=substring&amp;email2=&amp;bugidtype=include&amp;bug_id=&amp;votes=&amp;chfieldfrom=&amp;chfieldto=Now&amp;chfieldvalue=&amp;cmdtype=doit&amp;order=Reuse+same+sort+as+last+time&amp;field0-0-0=noop&amp;type0-0-0=noop&amp;value0-0-0=">current Security bugs</uri>.
85 Search for duplicates in resolved bugs before submitting! We will assign
86 a senior developer as 'Mentor' to you. He will show you around and answer
87 all your questions (but don't hesitate to contact any other senior
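Review bot: dropping the tinyurl.com redirect in favour of the direct https://bugs.gentoo.org query is the right change; a third-party shortener can expire or be retargeted, and recruits would have no way to verify where it leads. The replacement query string, however, carries a long tail of empty parameters (`short_desc=`, `email1=`, `bug_id=`, `chfieldfrom=` and so on); trimming it to the parameters that actually select the list (product=Gentoo+Security and the four bug_status values) should yield the same results and would make the line reviewable at a glance.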
88 @@ -151,19 +160,35 @@
89 Unfortunately, this only works for bugs you filed. You will be allowed to edit and move
90 other bugs around when you are developer on probation.</p>
91 <p>Finding security bugs can be very difficult and boring, but try to go through the
92 -slave labor. You can also try to find other tasks that interest you, for example trying
93 +slave labor. There are several ways to make your life easier. Some primary channels have
94 +a rather high signal-to-noise ratio like Full Disclosure, but there are also
95 +other <uri link="http://oss-security.openwall.org/wiki/mailing-lists">mailing
96 +lists</uri> like oss-security that are more focussed for distribution vendors.
97 +You might also be interested in secondary channels, for instance, <uri
98 +link="https://secunia.com/advisories/">Secunia Advisories</uri> can be
99 +subscribed to via a mailing list, or <uri
100 +link="http://www.securityfocus.com/bid">BugTraq BIDs</uri> and <uri
101 +link="http://cve.mitre.org/">CVE identifiers</uri> can be followed via
102 +RSS feeds. You can find tools to easily handle newly assigned CVE identifiers, and
103 +perform other routine tasks in the <uri
104 +link="http://overlays.gentoo.org/proj/security/timeline">Security SVN</uri>.
105 +Please consult the README provided there.</p>
106 +<p>Furthermore, you can also try to find other tasks that interest you, for example trying
107 to get in touch with developers that are late with ebuilding and/or stabling or verify
108 a vulnerability where it's not sure whether or not Gentoo is affected. You could also try
109 to ask your mentor for a task.</p>
110 -
111 <ul>
112 <li>You will need: A
113 -<uri link="http://bugs.gentoo.org/createaccount.cgi">Gentoo bugzilla
114 +<uri link="https://bugs.gentoo.org/createaccount.cgi">Gentoo bugzilla
115 account</uri></li>
116 <li>We will provide you: Nothing</li>
117 <li>Estimated time until promotion: between 2 weeks and a month, but depends on your
118 personal effort and skills.</li>
119 </ul>
120 +<note>
121 +Do you know how to look up a bug by CVE identifier in the Bug trackers of the
122 +other distributions? If not, try to find it out or ask your mentor.
123 +</note>
124
125 </body>
126 </section>
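Review bot: the new sentence "Some primary channels have a rather high signal-to-noise ratio like Full Disclosure, but there are also other mailing lists like oss-security that are more focussed" reads inverted: the "but ... more focussed" contrast only makes sense if Full Disclosure is the noisy channel, so this should say "low signal-to-noise ratio" (or "a lot of noise"). In the same sentence, "more focussed for distribution vendors" reads better as "more focused on distribution vendors". The http to https change on the createaccount.cgi link is good and matches the bug list link in the previous hunk.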
127 @@ -190,6 +215,10 @@
128 <li>Estimated time until promotion: until we are confident that you are able to
129 draft quality advisories. That should take roughly a month if you are good.</li>
130 </ul>
131 +<note>
132 +Have you read more than one page on the <uri
133 +link="http://oss-security.openwall.org/wiki/">oss-security wiki</uri> yet?
134 +</note>
135
136 </body>
137 </section>