Gentoo Archives: gentoo-security

From: Kurt Lieber <klieber@g.o>
To: gentoo-security@l.g.o
Subject: [gentoo-security] For folks interested in helping with gentoo security efforts
Date: Thu, 18 Mar 2004 14:17:56
Message-Id: 20040318141759.GX26101@mail.lieber.org

All --

Based on recent threads, I thought I'd articulate some of the areas where
the gentoo security team needs assistance. These are listed in order of
priority, but all of the positions are very important to our efforts to
have a cohesive security team.

1) Security bug wranglers -- we need folks to watch Bugzilla for new
security bugs. When new bugs come in, they need to validate them, work
with the dev team to get things patched and (at the same time) work on
writing up the GLSA so it's ready for publication at the same time the
patched ebuilds are.

2) Documentation writers -- we *really* need 1 or 2 good documentation
writers. Folks who know or can learn GuideXSL (if you know HTML, you
can learn GuideXSL) and can help put our policies and procedures to
paper so they can be published on the security page. A lot of the work
here will be talking to a bunch of different folks to understand how
things work currently and then compiling that in a form that is easy to
understand for external users.

3) Tools folks -- this is less important as Tim (plasmaroo) has been doing
a nice job so far, but I'm sure he wouldn't mind some help as he has a
number of other responsibilities as well. We have a decent GLSA
creation tool at the moment that works well. We'd like to use this as
the foundation for some other security-related tools that will help us
smooth out our internal processes. (Things like assigning various
security bugs to specific bug wranglers so we know who is working on
what, etc.) This requires a good knowledge of PHP.

4) Security bug reporters -- Folks who comb the various external lists for
new security vulnerability reports and file bugs on bugs.gentoo.org so
we know about them as well. We've been fortunate so far since our
community has done an excellent job of this. We can always use more
eyes, however. If you have very little time, this is a perfect way to
help out as you don't have to be part of the official team.

I'm sure there are other needs as well, but these are the ones that spring
to mind.

--kurt
