a3li 12/02/02 11:15:43

Added: affiliations.xml
Log:
Add rbu's affiliations page

Revision Changes Path
1.1 xml/htdocs/proj/en/security/affiliations.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/security/affiliations.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/security/affiliations.xml?rev=1.1&content-type=text/plain

Index: affiliations.xml
===================================================================
<?xml version='1.0' encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
<guide link="/security/en/affiliations.xml">
<title>Gentoo Linux Security Affiliations</title>
<author title="Author">
<mail link="rbu@g.o">Robert Buchholz</mail>
</author>
<author title="Author">
<mail link="a3li@g.o">Alex Legler</mail>
</author>

<abstract>
This document details the groups that the Gentoo Linux Security Team is a part of or working
with in order to coordinate vulnerabilities.
</abstract>

<license/>

<version>1.1</version>
<date>2012-02-02</date>

<chapter>
<title>Introduction</title>
<section>
<title>What and why</title>
<body>
<p>
The Gentoo Linux Security Team is dedicated to an open development process
and supports responsible disclosure. This means we closely collaborate with software upstreams,
other distributions, security researchers and CERTs to ensure the security of our distribution.
</p>
<p>
Our group affiliations allow us to access vulnerability information and receive notifications
as early as possible. As participants in a coordinated release process, we are able to assess
vulnerabilities before they publicly known. We work with Gentoo developers, upstream and
other distributions to prepare updates that reach Gentoo users as soon as the vulnerability
is public. We commit ourselves to publish all our own findings, but we respect if third parties
decide to keep certain information private.
</p>
<p>
Members and contributors of the Security team should review this list before attempting to become
part of a mailing list. <b>Any such requests are to be discussed internally and acknowledged by
a team lead first.</b>
</p>
</body>
</section>
</chapter>

<chapter>
<title>Affiliations</title>
<section>
<title>linux-distros</title>
<body>
<p>
Gentoo is part of the <uri link="http://oss-security.openwall.org/wiki/mailing-lists/distros">distros and linux-distros</uri> mailing list.
The mailing list discusses vulnerabilities in several free software products and is often
used for coordinated disclosure.
</p>
<p>
Current members: a3li, craig
</p>
</body>
</section>

<section>
<title>oCERT</title>
<body>
<p>
Gentoo is a member of <uri link="http://www.ocert.org/">oCERT</uri> ever since its incarnation
in 2008. The Open Source Computer Emergency Response Team is an effort to assist free software
projects in vulnerability management and usually performs responsible disclosure.
We are proud to say that three of the five oCERT founding team members are former Gentoo
developers.
</p>
</body>
</section>

<section>
<title>CERT/CC</title>
<body>
<p>
Gentoo is a listed vendor with the <uri link="http://www.cert.org/certcc.html">CERT Coordination Center (CERT/CC)</uri>.
We receive general vulnerability notifications through the most widely known CERT.
</p>
<p>
Current members: a3li, keytoaster
</p>
</body>
</section>

<section>
<title>WebKit Security</title>
<body>
<p>
Gentoo is part of the <uri link="http://webkit.org/security/">WebKit Security</uri> mailing list and bugzilla group
since 2009. This group discusses vulnerabilities in products based on the WebKit web browsing engine, such as
WebKit-GTK, Qt 4 and Google Chrome.
</p>
<p>
<uri link="http://webkit.org/security/security-group-members.html">Current members</uri>: a3li, keytoaster
</p>
</body>
</section>

<section>
<title>Mozilla Security</title>
<body>
<p>
Gentoo is seeking membership of the <uri link="http://www.mozilla.org/projects/security/membership-policy.html">Mozilla Security Group</uri>.
</p>
<p>
<uri link="http://www.mozilla.org/projects/security/secgrouplist.html">Current members</uri>: none.
</p>
</body>
</section>

<section>
<title>OpenOffice.org</title>
<body>
<p>
Gentoo is part of the <uri link="http://www.openoffice.org/security/">OpenOffice.org Security Group</uri>.
</p>
<p>
Current members: a3li, suka.
</p>
</body>
</section>

<section>
<title>Samba</title>
<body>
<p>
Gentoo is subscribed to the samba-pkg-sec mailing list where advance Samba announcements are distributed.
</p>
</body>
</section>

<section>
<title>oss-security</title>
<body>
<p>
Gentoo is a member of the <uri link="http://oss-security.openwall.org/wiki/mailing-lists/oss-security">oss-security</uri>
mailing list since it was founded in 2008. It is a public discussion channel targeted towards security flaws in free software.
</p>
</body>
</section>

<section>
<title>CVE</title>
<body>
<p>
Gentoo is committed to the <uri link="http://cve.mitre.org/compatible/index.html">Common Vulnerabilities and Exposures
project</uri> that seeks to enumerate
information vulnerabilities. We automatically monitor the CVE feed for vulnerabilities and
are seeking for our GLSAs and Bugzilla channels to output CVE identifiers. We are seeking
<uri link="http://cve.mitre.org/compatible/index.html">CVE-Compatible</uri> status in the near future.
</p>
</body>
</section>

<section>
<title>Secunia</title>
<body>
<p>
Gentoo is using vulnerability feeds provided by <uri link="http://secunia.com/">Secunia</uri>
in order to improve vulnerability assessment and workflow automation.
</p>
</body>
</section>

</chapter>

</guide>
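
Review bot: The link attribute on the guide element, "/security/en/affiliations.xml", does not match the path the file is added at, "xml/htdocs/proj/en/security/affiliations.xml"; please confirm which location is intended and make the two agree. In the CVE section both uri elements point to "http://cve.mitre.org/compatible/index.html"; the first one is labelled as the project itself and reads as if it should link to the project page rather than the compatibility page. Two wording slips are worth fixing before this goes live: "before they publicly known" in the Introduction is missing "are", and "seeks to enumerate information vulnerabilities" in the CVE paragraph looks like a dropped or misplaced word. The "Current members" lines are also inconsistent: two end with a period and the others do not, and the oCERT, Samba, oss-security, CVE and Secunia sections carry no member line at all, which matters because the Introduction asks team members to review this list before requesting access.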