Gentoo Archives: gentoo-security

From: Thierry Carrez <koon@g.o>
To: gentoo-security@l.g.o
Subject: [gentoo-security] Gentoo Linux Security Team, pointers and help needed
Date: Tue, 16 Nov 2004 10:50:57
1 Hello everyone,
3 Some of the emails posted on this list show that we did not communicate
4 enough on what we do on the Security Team and that the current online
5 resources are not enough known. Here is a small report that should show
6 you who we are, what we do and what help we need.
8 The Gentoo Linux Security project is tasked with timely resolution of
9 security issues in software provided through the Portage tree. That's
10 our main task, reaction to known issues and confidential ones, pushing
11 Gentoo package maintainers and arch teams to provide fixed stable
12 ebuilds and issuing GLSAs. We also do preventive actions through our
13 Audit subproject. We do not handle Gentoo Infrastructure security, other
14 than giving expert advice when we're asked. You will find the Security
15 project at the following page (linked through "Projects" on the Gentoo
16 Main Page) :
20 The main information point for Gentoo Security is the Gentoo Security
21 page. You will find recent GLSAs, instructions on how to submit security
22 problems and all online pointers on this main page :
26 We follow a precise policy when handling these vulnerabilities. You may
27 remember this was posted for discussion on this list a few months ago.
28 The current version of this policy is available at the following URL :
32 Our process is completely open, except when handling non-public
33 vulnerabilities that are sent to us on condition that we do not publish
34 them before a specific date. You can observe and join us on the
35 #gentoo-security Freenode IRC channel, where all Security members hang out.
37 We've heard a lot of "help them rather than shout at them" speaks
38 recently, and you might wonder what you can do to help us. We mostly
39 need GLSA Coordinators, to scout for new security bugs, draft and review
40 GLSAs, handle security bugs and publish GLSAs. This job needs a small
41 but constant commitment, as you will be assigned security bugs that need
42 updating at least once per day. You start as a scout, submitting new
43 vulnerability bugs in Bugzilla and helping solving security issues, to
44 finally be appointed as a Gentoo Security developer and send GLSAs under
45 your own name. You can learn about the security recruitment process at
46 the Security Padawans page :
50 If you are interested to join, please read the GLSA Coordinators Guide
51 to see what the job really is about, drop us an email with your name and
52 background, and start to submit new vulnerabilities and help on
53 existing bugs (search for bugs owned by security@g.o).
55 Thanks for your attention,
57 --
58 Thierry Carrez
59 Operational Manager, Gentoo Linux Security Team


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-security] Gentoo Linux Security Team, pointers and help needed Chris Haumesser <ch@××××.ws>