| 1 |
I do a lot of php work for my employer and would love to help w/ #3. |
| 2 |
Im also very familiar w/ XSL and could pick up GuideXSL to help w/ #2. |
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
Kurt Lieber wrote: |
| 7 |
|
| 8 |
>All -- |
| 9 |
> |
| 10 |
>Based on recent threads, I thought I'd articulate some of the areas where |
| 11 |
>the gentoo security team needs assistance. These are listed in order of |
| 12 |
>priority, but all of the positions are very important to our efforts to |
| 13 |
>have a cohesive security team. |
| 14 |
> |
| 15 |
>1) Security bug wranglers -- we need folks to watch Bugzilla for new |
| 16 |
> security bugs. When new bugs come in, they need to validate them, work |
| 17 |
> with the dev team to get things patched and (at the same time) work on |
| 18 |
> writing up the GLSA so it's ready for publication at the same time the |
| 19 |
> patched ebuilds are. |
| 20 |
> |
| 21 |
>2) Documentation writers -- we *really* need 1 or 2 good documentation |
| 22 |
> writers. Folks who know or can learn GuideXSL (if you know HTML, you |
| 23 |
> can learn GuideXSL) and can help put our policies and procedures to |
| 24 |
> paper so they can be published on the security page. A lot of the work |
| 25 |
> here will be talking to a bunch of different folks to understand how |
| 26 |
> things work currently and then compiling that in a form that is easy to |
| 27 |
> understand for external users. |
| 28 |
> |
| 29 |
>3) Tools folks -- this is less important as Tim (plasmaroo) has been doing |
| 30 |
> a nice job so far, but I'm sure he wouldn't mind some help as he has a |
| 31 |
> number of other responsibilities as well. We have a decent GLSA |
| 32 |
> creation tool at the moment that works well. We'd like to use this as |
| 33 |
> the foundation for some other security-related tools that will help us |
| 34 |
> smooth out our internal processes. (Things like assinging various |
| 35 |
> security bugs to specific bug wranglers so we know who is working on |
| 36 |
> what, etc.) This requires a good knowledge of PHP. |
| 37 |
> |
| 38 |
>4) Security bug reporters -- Folks who comb the various external lists for |
| 39 |
> new security vulnerability reports and file bugs on bugs.gentoo.org so |
| 40 |
> we know about them as well. We've been fortunate so far since our |
| 41 |
> community has done an excellent job of this. We can always use more |
| 42 |
> eyes, however. If you have very little time, this is a perfect way to |
| 43 |
> help out as you don't have to be part of the official team. |
| 44 |
> |
| 45 |
>I'm sure there are other needs as well, but these are the ones that spring |
| 46 |
>to mind. |
| 47 |
> |
| 48 |
>--kurt |
| 49 |
> |
| 50 |
> |
| 51 |
|
| 52 |
-- |
| 53 |
____________________________________________________ |
| 54 |
Erik Riffel |
| 55 |
Glyphix Studio |
| 56 |
|
| 57 |
http://daemon.riffelnet.net/Keys/riffel.glyphix.gpg |
| 58 |
|
| 59 |
Humans will be reduced to zoo animals and our robot creations will throw |
| 60 |
peanuts at us and make us dance |
Archives