Gentoo Archives: gentoo-security

From: Robert Buchholz <rbu@g.o>
To: gentoo-security@l.g.o
Cc: Mansour Moufid <mansourmoufid@×××××.com>
Subject: Re: [gentoo-security] the Gentoo Audit project and dev-util/splint
Date: Thu, 11 Jun 2009 14:13:26
Message-Id: 200906111613.22362.rbu@gentoo.org
In Reply to: Re: [gentoo-security] the Gentoo Audit project and dev-util/splint by Mansour Moufid
Hello Mansour,

On Wednesday 10 June 2009, Mansour Moufid wrote:
> > But keep in mind there is a certain amount of work that comes with > > this. > > How much time would members typically put in, say, per week? I > imagine it's difficult to estimate an 'average' -- since most of the > time spent is probably in actually reviewing source code -- but I'm > looking forward to contributing a decent number of hours a week as > part of this project. Effort is certainly no deterrent.
As with most oss projects, you put in the amount of time you are comfortable with. There's usually more items on the TODO stack than you can handle anyway, so you either let it rest for a few days/weeks when you are busy, or work off large chunks when you have some time to burn. To get you started, I would suggest you look for tasks that sound interesting. There are several bugs that need attention. Some of them are in the "Gentoo Security/Audit" section of Bugzilla. Mondo-rescue's latest version needs to be looked at, for example: https://bugs.gentoo.org/show_bug.cgi?id=106497 There is a list of packages bundling libraries. Some of these might have security impact: https://bugs.gentoo.org/showdependencytree.cgi?id=251464 There's also some of the "Gentoo Security/Vulnerabilities" bugs that need attention. If you're seeking to discover new vulnerabilities instead of working on details of existing bugs, can literally start anywhere you like. Contact us in IRC or via Jabber if you need assistance. Robert

Attachments

File name MIME type
signature.asc application/pgp-signature