| 1 |
- Security Updates And Announcements - |
| 2 |
|
| 3 |
Security problems should be reported via bugzilla and assigned to |
| 4 |
security@gentoo (this is a must) |
| 5 |
|
| 6 |
As it stands right now our security updates have undergone alot of |
| 7 |
changes in the last few months and there are still some quarks to work |
| 8 |
out. The general idea we are aiming for is GLSA's in xml format. This |
| 9 |
allows us to display the GLSA's on-line as well as have portage take |
| 10 |
advantage of those GLSA's for the upcoming "emerge --security" feature. |
| 11 |
|
| 12 |
GLSA's are sent primarily to 3 places full-disclosure, bugtraq, |
| 13 |
gentoo-announce@g.o. At one time they went to this list here but for |
| 14 |
what ever reason some people started complaining about getting a GLSA |
| 15 |
from more than one list. Honestly I think those people should get over |
| 16 |
it and GLSA's be sent to this list again or perhaps a |
| 17 |
gentoo-security-announce@ would be a better place. |
| 18 |
|
| 19 |
|
| 20 |
Anyway as you all know Gentoo is a community driven effort and we only |
| 21 |
can only take care of the tasks we have time for. A lot of our |
| 22 |
developers have other lives so and dont always have time to sit around |
| 23 |
writing up a GLSA. So the simple solution to this would be to recruit |
| 24 |
more people to help out in this area, however technical writers with a |
| 25 |
clue are a rare commodity. So I'd like to open up a slot or two for a |
| 26 |
few people from this list that may be willing to help out in this dept. |
| 27 |
If you think you have what it takes please drop a mail to solar@gentoo |
| 28 |
and CC: security@gentoo . We also need more people actually reporting |
| 29 |
security problems and solutions to bugzilla so that something can be |
| 30 |
done about them. |
| 31 |
|
| 32 |
Currently we are also exploring the idea of user contributed GLSA's. |
| 33 |
Tim Yamin <plasmaroo@gentoo> wants people to test the GLSAMaker at |
| 34 |
http://dev.gentoo.org/~plasmaroo/glsa-test and complain to him if it |
| 35 |
doesn't work. |
| 36 |
|
| 37 |
And for you irc junkies you can find most of the sec team on |
| 38 |
irc.gentoo.org #gentoo-security |
| 39 |
|
| 40 |
Hope this has been somewhat enlightening. |
| 41 |
|
| 42 |
-peace |
| 43 |
|
| 44 |
Ned Ludd <solar@g.o> |
| 45 |
Gentoo Linux Developer |
Archives