Gentoo Archives: gentoo-commits

From: "Alex Legler (a3li)" <a3li@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/proj/en/security: affiliations.xml
Date: Thu, 02 Feb 2012 11:16:01
Message-Id: 20120202111543.8557C2004B@flycatcher.gentoo.org
1 a3li 12/02/02 11:15:43
2
3 Added: affiliations.xml
4 Log:
5 Add rbu's affiliations page
6
7 Revision Changes Path
8 1.1 xml/htdocs/proj/en/security/affiliations.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/security/affiliations.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/security/affiliations.xml?rev=1.1&content-type=text/plain
12
13 Index: affiliations.xml
14 ===================================================================
15 <?xml version='1.0' encoding="UTF-8"?>
16 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
17 <guide link="/security/en/affiliations.xml">
18 <title>Gentoo Linux Security Affiliations</title>
19 <author title="Author">
20 <mail link="rbu@g.o">Robert Buchholz</mail>
21 </author>
22 <author title="Author">
23 <mail link="a3li@g.o">Alex Legler</mail>
24 </author>
25
26 <abstract>
27 This document details the groups that the Gentoo Linux Security Team is a part of or working
28 with in order to coordinate vulnerabilities.
29 </abstract>
30
31 <license/>
32
33 <version>1.1</version>
34 <date>2012-02-02</date>
35
36 <chapter>
37 <title>Introduction</title>
38 <section>
39 <title>What and why</title>
40 <body>
41 <p>
42 The Gentoo Linux Security Team is dedicated to an open development process
43 and supports responsible disclosure. This means we closely collaborate with software upstreams,
44 other distributions, security researchers and CERTs to ensure the security of our distribution.
45 </p>
46 <p>
47 Our group affiliations allow us to access vulnerability information and receive notifications
48 as early as possible. As participants in a coordinated release process, we are able to assess
49 vulnerabilities before they publicly known. We work with Gentoo developers, upstream and
50 other distributions to prepare updates that reach Gentoo users as soon as the vulnerability
51 is public. We commit ourselves to publish all our own findings, but we respect if third parties
52 decide to keep certain information private.
53 </p>
54 <p>
55 Members and contributors of the Security team should review this list before attempting to become
56 part of a mailing list. <b>Any such requests are to be discussed internally and acknowledged by
57 a team lead first.</b>
58 </p>
59 </body>
60 </section>
61 </chapter>
62
63 <chapter>
64 <title>Affiliations</title>
65 <section>
66 <title>linux-distros</title>
67 <body>
68 <p>
69 Gentoo is part of the <uri link="http://oss-security.openwall.org/wiki/mailing-lists/distros">distros and linux-distros</uri> mailing list.
70 The mailing list discusses vulnerabilities in several free software products and is often
71 used for coordinated disclosure.
72 </p>
73 <p>
74 Current members: a3li, craig
75 </p>
76 </body>
77 </section>
78
79 <section>
80 <title>oCERT</title>
81 <body>
82 <p>
83 Gentoo is a member of <uri link="http://www.ocert.org/">oCERT</uri> ever since its incarnation
84 in 2008. The Open Source Computer Emergency Response Team is an effort to assist free software
85 projects in vulnerability management and usually performs responsible disclosure.
86 We are proud to say that three of the five oCERT founding team members are former Gentoo
87 developers.
88 </p>
89 </body>
90 </section>
91
92 <section>
93 <title>CERT/CC</title>
94 <body>
95 <p>
96 Gentoo is a listed vendor with the <uri link="http://www.cert.org/certcc.html">CERT Coordination Center (CERT/CC)</uri>.
97 We receive general vulnerability notifications through the most widely known CERT.
98 </p>
99 <p>
100 Current members: a3li, keytoaster
101 </p>
102 </body>
103 </section>
104
105 <section>
106 <title>WebKit Security</title>
107 <body>
108 <p>
109 Gentoo is part of the <uri link="http://webkit.org/security/">WebKit Security</uri> mailing list and bugzilla group
110 since 2009. This group discusses vulnerabilities in products based on the WebKit web browsing engine, such as
111 WebKit-GTK, Qt 4 and Google Chrome.
112 </p>
113 <p>
114 <uri link="http://webkit.org/security/security-group-members.html">Current members</uri>: a3li, keytoaster
115 </p>
116 </body>
117 </section>
118
119 <section>
120 <title>Mozilla Security</title>
121 <body>
122 <p>
123 Gentoo is seeking membership of the <uri link="http://www.mozilla.org/projects/security/membership-policy.html">Mozilla Security Group</uri>.
124 </p>
125 <p>
126 <uri link="http://www.mozilla.org/projects/security/secgrouplist.html">Current members</uri>: none.
127 </p>
128 </body>
129 </section>
130
131 <section>
132 <title>OpenOffice.org</title>
133 <body>
134 <p>
135 Gentoo is part of the <uri link="http://www.openoffice.org/security/">OpenOffice.org Security Group</uri>.
136 </p>
137 <p>
138 Current members: a3li, suka.
139 </p>
140 </body>
141 </section>
142
143 <section>
144 <title>Samba</title>
145 <body>
146 <p>
147 Gentoo is subscribed to the samba-pkg-sec mailing list where advance Samba announcements are distributed.
148 </p>
149 </body>
150 </section>
151
152 <section>
153 <title>oss-security</title>
154 <body>
155 <p>
156 Gentoo is a member of the <uri link="http://oss-security.openwall.org/wiki/mailing-lists/oss-security">oss-security</uri>
157 mailing list since it was founded in 2008. It is a public discussion channel targeted towards security flaws in free software.
158 </p>
159 </body>
160 </section>
161
162 <section>
163 <title>CVE</title>
164 <body>
165 <p>
166 Gentoo is committed to the <uri link="http://cve.mitre.org/compatible/index.html">Common Vulnerabilities and Exposures
167 project</uri> that seeks to enumerate
168 information vulnerabilities. We automatically monitor the CVE feed for vulnerabilities and
169 are seeking for our GLSAs and Bugzilla channels to output CVE identifiers. We are seeking
170 <uri link="http://cve.mitre.org/compatible/index.html">CVE-Compatible</uri> status in the near future.
171 </p>
172 </body>
173 </section>
174
175 <section>
176 <title>Secunia</title>
177 <body>
178 <p>
179 Gentoo is using vulnerability feeds provided by <uri link="http://secunia.com/">Secunia</uri>
180 in order to improve vulnerability assessment and workflow automation.
181 </p>
182 </body>
183 </section>
184
185 </chapter>
186
187 </guide>
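
Review bot: the link attribute on the guide element (file line 17) is "/security/en/affiliations.xml", but this revision adds the file at xml/htdocs/proj/en/security/affiliations.xml; if the page is served from the project tree, the attribute should read "/proj/en/security/affiliations.xml" so the guide's self-reference resolves. In the CVE section (file lines 166-170) both uri elements point to http://cve.mitre.org/compatible/index.html; the first one, whose link text names the CVE project itself, looks like it was meant to point at the project's main page rather than the compatibility page. File line 49 reads "before they publicly known", which is missing "are", and the sentence at file lines 167-168 ("seeks to enumerate information vulnerabilities") would be clearer if reworded.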