All --

Based on recent threads, I thought I'd articulate some of the areas where
the Gentoo security team needs assistance. These are listed in order of
priority, but all of the positions are very important to our efforts to
have a cohesive security team.

1) Security bug wranglers -- we need folks to watch Bugzilla for new
security bugs. When new bugs come in, they need to validate them, work
with the dev team to get things patched and (at the same time) work on
writing up the GLSA so it's ready for publication at the same time the
patched ebuilds are.

2) Documentation writers -- we *really* need 1 or 2 good documentation
writers. Folks who know or can learn GuideXSL (if you know HTML, you
can learn GuideXSL) and can help put our policies and procedures to
paper so they can be published on the security page. A lot of the work
here will be talking to a bunch of different folks to understand how
things work currently and then compiling that in a form that is easy to
understand for external users.

3) Tools folks -- this is less important as Tim (plasmaroo) has been doing
a nice job so far, but I'm sure he wouldn't mind some help as he has a
number of other responsibilities as well. We have a decent GLSA
creation tool at the moment that works well. We'd like to use this as
the foundation for some other security-related tools that will help us
smooth out our internal processes. (Things like assigning various
security bugs to specific bug wranglers so we know who is working on
what, etc.) This requires a good knowledge of PHP.

4) Security bug reporters -- Folks who comb the various external lists for
new security vulnerability reports and file bugs on bugs.gentoo.org so
we know about them as well. We've been fortunate so far since our
community has done an excellent job of this. We can always use more
eyes, however. If you have very little time, this is a perfect way to
help out as you don't have to be part of the official team.

I'm sure there are other needs as well, but these are the ones that spring
to mind.

--kurt