Gentoo Logo

About | Projects | Docs | Forums | Lists | Bugs | Get Gentoo! | Support | Planet | Wiki

Gentoo Spaceship
Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Kurt Lieber <klieber@g.o>
Subject: For folks interested in helping with gentoo security efforts
Date: Thu, 18 Mar 2004 09:17:59 -0500 
All --

Based on recent threads, I thought I'd articulate some of the areas where
the gentoo security team needs assistance.  These are listed in order of
priority, but all of the positions are very important to our efforts to
have a cohesive security team.

1) Security bug wranglers -- we need folks to watch Bugzilla for new
   security bugs.  When new bugs come in, they need to validate them, work
   with the dev team to get things patched and (at the same time) work on
   writing up the GLSA so it's ready for publication at the same time the
   patched ebuilds are.

2) Documentation writers -- we *really* need 1 or 2 good documentation
   writers.  Folks who know or can learn GuideXSL (if you know HTML, you
   can learn GuideXSL) and can help put our policies and procedures to
   paper so they can be published on the security page.  A lot of the work
   here will be talking to a bunch of different folks to understand how
   things work currently and then compiling that in a form that is easy to
   understand for external users.

3) Tools folks -- this is less important as Tim (plasmaroo) has been doing
   a nice job so far, but I'm sure he wouldn't mind some help as he has a
   number of other responsibilities as well.  We have a decent GLSA
   creation tool at the moment that works well.  We'd like to use this as
   the foundation for some other security-related tools that will help us
   smooth out our internal processes. (Things like assinging various
   security bugs to specific bug wranglers so we know who is working on
   what, etc.)  This requires a good knowledge of PHP.

4) Security bug reporters -- Folks who comb the various external lists for
   new security vulnerability reports and file bugs on bugs.gentoo.org so
   we know about them as well.  We've been fortunate so far since our
   community has done an excellent job of this.  We can always use more
   eyes, however.  If you have very little time, this is a perfect way to
   help out as you don't have to be part of the official team.

I'm sure there are other needs as well, but these are the ones that spring
to mind.

--kurt
Attachment:
pgpEUYbbGoWsm.pgp (PGP signature)
Replies:
Re: For folks interested in helping with gentoo security efforts
-- Tobias Weisserth
Re: For folks interested in helping with gentoo security efforts
-- Erik Riffel
Re: For folks interested in helping with gentoo security efforts
-- theboywho
Re: For folks interested in helping with gentoo security efforts
-- Joshua J. Berry
Re: For folks interested in helping with gentoo security efforts
-- Koon
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Gentoo security policy
Next by thread:
Re: For folks interested in helping with gentoo security efforts
Previous by date:
Re: Gentoo security policy
Next by date:
Re: Gentoo security policy


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.