Gentoo Archives: gentoo-kernel

From: Daniel Drake <dsd@g.o>
To: gentoo-kernel@l.g.o
Subject: [gentoo-kernel] More manpower needed for Gentoo Kernel Security project
Date: Sun, 20 May 2007 20:06:34
1 Anyone interested in contributing the Gentoo kernel security project?
3 Basic roles here are to handle vulnerabilities (both minor and major) in
4 the kernel. The issues come in from databases such as,
5 usually with patches, and you have to coordinate those patches flowing
6 into the portage tree.
8 The usual process is to have a bug on the Gentoo bugzilla per security
9 report. Initially you get me to include the patch in genpatches, then
10 you CC maintainers of all other affected kernels and pester them until
11 they have fixed their kernel, either by including the newer genpatches
12 or by adding the patch individually.
14 This isn't a terribly interesting task, but is important and we're
15 behind on issue tracking here. The thing that will make it interesting
16 is that after getting a grasp of how the system works, we are looking
17 for someone to develop software to help us track the security bugs and
18 help communicate that info to users (who typically want to know when a
19 new kernel fixes a security issue, so that they can upgrade). This
20 software would probably be web-based.
22 Anyone interested?
26 Thanks,
27 Daniel
28 --
29 gentoo-kernel@g.o mailing list