1 |
- Security Updates And Announcements - |
2 |
|
3 |
Security problems should be reported via bugzilla and assigned to |
4 |
security@gentoo (this is a must) |
5 |
|
6 |
As it stands right now our security updates have undergone alot of |
7 |
changes in the last few months and there are still some quarks to work |
8 |
out. The general idea we are aiming for is GLSA's in xml format. This |
9 |
allows us to display the GLSA's on-line as well as have portage take |
10 |
advantage of those GLSA's for the upcoming "emerge --security" feature. |
11 |
|
12 |
GLSA's are sent primarily to 3 places full-disclosure, bugtraq, |
13 |
gentoo-announce@g.o. At one time they went to this list here but for |
14 |
what ever reason some people started complaining about getting a GLSA |
15 |
from more than one list. Honestly I think those people should get over |
16 |
it and GLSA's be sent to this list again or perhaps a |
17 |
gentoo-security-announce@ would be a better place. |
18 |
|
19 |
|
20 |
Anyway as you all know Gentoo is a community driven effort and we only |
21 |
can only take care of the tasks we have time for. A lot of our |
22 |
developers have other lives so and dont always have time to sit around |
23 |
writing up a GLSA. So the simple solution to this would be to recruit |
24 |
more people to help out in this area, however technical writers with a |
25 |
clue are a rare commodity. So I'd like to open up a slot or two for a |
26 |
few people from this list that may be willing to help out in this dept. |
27 |
If you think you have what it takes please drop a mail to solar@gentoo |
28 |
and CC: security@gentoo . We also need more people actually reporting |
29 |
security problems and solutions to bugzilla so that something can be |
30 |
done about them. |
31 |
|
32 |
Currently we are also exploring the idea of user contributed GLSA's. |
33 |
Tim Yamin <plasmaroo@gentoo> wants people to test the GLSAMaker at |
34 |
http://dev.gentoo.org/~plasmaroo/glsa-test and complain to him if it |
35 |
doesn't work. |
36 |
|
37 |
And for you irc junkies you can find most of the sec team on |
38 |
irc.gentoo.org #gentoo-security |
39 |
|
40 |
Hope this has been somewhat enlightening. |
41 |
|
42 |
-peace |
43 |
|
44 |
Ned Ludd <solar@g.o> |
45 |
Gentoo Linux Developer |