| 1 |
On Thu, Mar 18, 2004 at 09:17:59AM -0500, Kurt Lieber wrote: |
| 2 |
> All -- |
| 3 |
> |
| 4 |
> Based on recent threads, I thought I'd articulate some of the areas where |
| 5 |
> the gentoo security team needs assistance. These are listed in order of |
| 6 |
> priority, but all of the positions are very important to our efforts to |
| 7 |
> have a cohesive security team. |
| 8 |
|
| 9 |
I go to college fulltime, but I do have some breaks here and there where |
| 10 |
I might be able to help out. |
| 11 |
|
| 12 |
> |
| 13 |
> 1) Security bug wranglers -- we need folks to watch Bugzilla for new |
| 14 |
> security bugs. When new bugs come in, they need to validate them, work |
| 15 |
> with the dev team to get things patched and (at the same time) work on |
| 16 |
> writing up the GLSA so it's ready for publication at the same time the |
| 17 |
> patched ebuilds are. |
| 18 |
|
| 19 |
I can help with this, once I learn your processes. I'm familiar with |
| 20 |
both C and Bugzilla, although I don't know how much time I'll have to |
| 21 |
spend on actually writing code to validate/test exploits. I think I |
| 22 |
would be best here at handling random administrative kinds of things; |
| 23 |
for instance, taking an already-validated exploit and writing a GLSA for |
| 24 |
it, or incorporating an already-made patch into an ebuild. |
| 25 |
|
| 26 |
> 2) Documentation writers -- we *really* need 1 or 2 good documentation |
| 27 |
> writers. Folks who know or can learn GuideXSL (if you know HTML, you |
| 28 |
> can learn GuideXSL) and can help put our policies and procedures to |
| 29 |
> paper so they can be published on the security page. A lot of the work |
| 30 |
> here will be talking to a bunch of different folks to understand how |
| 31 |
> things work currently and then compiling that in a form that is easy to |
| 32 |
> understand for external users. |
| 33 |
|
| 34 |
I am fairly good at writing documentation, and I can pick up GuideXSL |
| 35 |
along the way. Again, this is just a question of how much time I'll |
| 36 |
have to spend on this. :) |
| 37 |
|
| 38 |
At the very least, I would be happy to edit what others write. |
| 39 |
Hopefully I will have time to actually write stuff, but that depends on |
| 40 |
my schedule next quarter. |
| 41 |
|
| 42 |
Next week is my spring break, so if you want my help, I will have plenty |
| 43 |
of time then to get up to speed. |
| 44 |
|
| 45 |
-- Josh (CondorDes on IRC) |
| 46 |
|
| 47 |
----------------------------------------- |
| 48 |
Joshua J. Berry |
| 49 |
|
| 50 |
"I haven't lost my mind -- it's backed up on tape somewhere." |
| 51 |
-- /usr/games/fortune |
| 52 |
|
| 53 |
NOTE: Please do not submit this email address to any mailing |
| 54 |
lists or websites without prior permission. Thank you. |
Archives