| 1 |
I can help out with 3 and 4 if there is still a need. I have a lot of |
| 2 |
php experience, and would be glad to help out in any way that I can. I |
| 3 |
do work full time during the days, so my time would be somewhat limited, |
| 4 |
but I can always find time during the evenings to help out. Let me know |
| 5 |
if there is anything that I can do. |
| 6 |
|
| 7 |
Steve |
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
-----Original Message----- |
| 12 |
From: Kurt Lieber [mailto:klieber@g.o] |
| 13 |
Sent: Thursday, March 18, 2004 7:18 AM |
| 14 |
To: gentoo-security@l.g.o |
| 15 |
Subject: [gentoo-security] For folks interested in helping with gentoo |
| 16 |
security efforts |
| 17 |
|
| 18 |
All -- |
| 19 |
|
| 20 |
Based on recent threads, I thought I'd articulate some of the areas |
| 21 |
where |
| 22 |
the gentoo security team needs assistance. These are listed in order of |
| 23 |
priority, but all of the positions are very important to our efforts to |
| 24 |
have a cohesive security team. |
| 25 |
|
| 26 |
1) Security bug wranglers -- we need folks to watch Bugzilla for new |
| 27 |
security bugs. When new bugs come in, they need to validate them, |
| 28 |
work |
| 29 |
with the dev team to get things patched and (at the same time) work |
| 30 |
on |
| 31 |
writing up the GLSA so it's ready for publication at the same time |
| 32 |
the |
| 33 |
patched ebuilds are. |
| 34 |
|
| 35 |
2) Documentation writers -- we *really* need 1 or 2 good documentation |
| 36 |
writers. Folks who know or can learn GuideXSL (if you know HTML, you |
| 37 |
can learn GuideXSL) and can help put our policies and procedures to |
| 38 |
paper so they can be published on the security page. A lot of the |
| 39 |
work |
| 40 |
here will be talking to a bunch of different folks to understand how |
| 41 |
things work currently and then compiling that in a form that is easy |
| 42 |
to |
| 43 |
understand for external users. |
| 44 |
|
| 45 |
3) Tools folks -- this is less important as Tim (plasmaroo) has been |
| 46 |
doing |
| 47 |
a nice job so far, but I'm sure he wouldn't mind some help as he has |
| 48 |
a |
| 49 |
number of other responsibilities as well. We have a decent GLSA |
| 50 |
creation tool at the moment that works well. We'd like to use this |
| 51 |
as |
| 52 |
the foundation for some other security-related tools that will help |
| 53 |
us |
| 54 |
smooth out our internal processes. (Things like assinging various |
| 55 |
security bugs to specific bug wranglers so we know who is working on |
| 56 |
what, etc.) This requires a good knowledge of PHP. |
| 57 |
|
| 58 |
4) Security bug reporters -- Folks who comb the various external lists |
| 59 |
for |
| 60 |
new security vulnerability reports and file bugs on bugs.gentoo.org |
| 61 |
so |
| 62 |
we know about them as well. We've been fortunate so far since our |
| 63 |
community has done an excellent job of this. We can always use more |
| 64 |
eyes, however. If you have very little time, this is a perfect way |
| 65 |
to |
| 66 |
help out as you don't have to be part of the official team. |
| 67 |
|
| 68 |
I'm sure there are other needs as well, but these are the ones that |
| 69 |
spring |
| 70 |
to mind. |
| 71 |
|
| 72 |
--kurt |
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
-- |
| 77 |
gentoo-security@g.o mailing list |
Archives