Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: "Casey Link" <unnamedrambler@...>
Subject: Re: Kernel Security + KISS
Date: Thu, 21 Feb 2008 22:55:17 -0500
Here are some day to day duties that will be need to get done.This
isn't exhaustive just the results of a few minutes of brainstorming:

* Stalking the places vulnerabilities are announced (CVE, mailing
lists, etc) to create the relevant bug.
* Determine which upstream (kernel.org) version has the fix and make
the whiteboard entry in bugzilla.
* Determine which sources are affected
* Nag kernel maintainers to patch their sources
* Find patches and discussion to link to the kernel maintainers to
ease their patching (and ideally encourage them to patch faster)
* As sources are patched update the whiteboard
* Release glsas of unaffected packages (?)

Some framework and specification needs to be laid, but that is a
general outline of the process I think. None of those duties require
programming experience at all. Of course crafting patches to send to
the kernel maintainers would be another helpful thing to do. Ideally
this would be made pretty simple with some nifty tools, however
manpower is going to be required regardless.

There are still the glaring issues of (1) the best way to notify users
of vulnerabilities, and (2) how to enforce rapid-ish response by
kernel maintainers. I think the best way to approach (2) is to be
amicable towards the maintainers. Point them in the right direction,
send them patches, etc., rather than spamming "OMG! Patch
foo-sources!" every day. Maybe we could give them candy or something.

Casey


On Thu, Feb 21, 2008 at 9:26 PM, Eduardo Tongson <propolice@...> wrote:
> Yes. We should each have assigned tasks which will depend on our
>  respective skill and trait.
>
>   --  ed*eonsec
>
>
>
>  On Fri, Feb 22, 2008 at 3:28 AM, doppelgaenger <bm2600@...> wrote:
>  > George Prowse wrote:
>  >  > Eduardo Tongson wrote:
>  >  >> Nice plan. I think you are more able to lead. Can we communicate more
>  >  >> in email perhaps a google group or list. IRC is not efficient for
>  >  >> people in different timezones.
>  >  >>
>  >  >>   --  ed*eonsec
>  >  >>
>  >  > I agree, a list or group would be better at pooling the people at your
>  >  > disposal
>  >
>  >  I also think it would be a good idea to set up some requirements profile
>  >  so people can identify them self in some kind of matrix ?
>  >
>  >  I basically volunteer but not sure what use I could be with a background
>  >  as an ISO, limited time and basic C knowledge.
>  >
>  >  --doppelgaenger
>  >
>  >
>  > --
>  >  gentoo-security@g.o mailing list
>  >
>  >
>  --
>  gentoo-security@g.o mailing list
>
>
-- 
gentoo-security@g.o mailing list


Replies:
Re: Kernel Security + KISS
-- Sune Kloppenborg Jeppesen
Re: Kernel Security + KISS
-- Marc Riemer
References:
Kernel Security + KISS
-- Casey Link
Re: Kernel Security + KISS
-- Arthur Bispo de Castro
Re: Kernel Security + KISS
-- nick loeve
Re: Kernel Security + KISS
-- George Prowse
Re: Kernel Security + KISS
-- Robert Joslyn
Re: Kernel Security + KISS
-- Casey Link
Re: Kernel Security + KISS
-- Eduardo Tongson
Re: Kernel Security + KISS
-- George Prowse
Re: Kernel Security + KISS
-- doppelgaenger
Re: Kernel Security + KISS
-- Eduardo Tongson
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Kernel Security + KISS
Next by thread:
Re: Kernel Security + KISS
Previous by date:
Re: Kernel Security + KISS
Next by date:
Re: Kernel Security + KISS


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.