List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
Based on recent threads, I thought I'd articulate some of the areas where
the gentoo security team needs assistance. These are listed in order of
priority, but all of the positions are very important to our efforts to
have a cohesive security team.
1) Security bug wranglers -- we need folks to watch Bugzilla for new
security bugs. When new bugs come in, they need to validate them, work
with the dev team to get things patched and (at the same time) work on
writing up the GLSA so it's ready for publication at the same time the
patched ebuilds are.
2) Documentation writers -- we *really* need 1 or 2 good documentation
writers. Folks who know or can learn GuideXSL (if you know HTML, you
can learn GuideXSL) and can help put our policies and procedures to
paper so they can be published on the security page. A lot of the work
here will be talking to a bunch of different folks to understand how
things work currently and then compiling that in a form that is easy to
understand for external users.
3) Tools folks -- this is less important as Tim (plasmaroo) has been doing
a nice job so far, but I'm sure he wouldn't mind some help as he has a
number of other responsibilities as well. We have a decent GLSA
creation tool at the moment that works well. We'd like to use this as
the foundation for some other security-related tools that will help us
smooth out our internal processes. (Things like assinging various
security bugs to specific bug wranglers so we know who is working on
what, etc.) This requires a good knowledge of PHP.
4) Security bug reporters -- Folks who comb the various external lists for
new security vulnerability reports and file bugs on bugs.gentoo.org so
we know about them as well. We've been fortunate so far since our
community has done an excellent job of this. We can always use more
eyes, however. If you have very little time, this is a perfect way to
help out as you don't have to be part of the official team.
I'm sure there are other needs as well, but these are the ones that spring