Gentoo Archives: gentoo-security

From: Steve Boone <steve@××××××××××.com>
To: gentoo-security@l.g.o
Subject: FW: [gentoo-security] For folks interested in helping with gentoo security efforts
Date: Fri, 19 Mar 2004 03:52:08
Message-Id: 006901c40d66$3c852300$0200000a@fugg
1 I can help out with 3 and 4 if there is still a need. I have a lot of
2 php experience, and would be glad to help out in any way that I can. I
3 do work full time during the days, so my time would be somewhat limited,
4 but I can always find time during the evenings to help out. Let me know
5 if there is anything that I can do.
7 Steve
11 -----Original Message-----
12 From: Kurt Lieber [mailto:klieber@g.o]
13 Sent: Thursday, March 18, 2004 7:18 AM
14 To: gentoo-security@l.g.o
15 Subject: [gentoo-security] For folks interested in helping with gentoo
16 security efforts
18 All --
20 Based on recent threads, I thought I'd articulate some of the areas
21 where
22 the gentoo security team needs assistance. These are listed in order of
23 priority, but all of the positions are very important to our efforts to
24 have a cohesive security team.
26 1) Security bug wranglers -- we need folks to watch Bugzilla for new
27 security bugs. When new bugs come in, they need to validate them,
28 work
29 with the dev team to get things patched and (at the same time) work
30 on
31 writing up the GLSA so it's ready for publication at the same time
32 the
33 patched ebuilds are.
35 2) Documentation writers -- we *really* need 1 or 2 good documentation
36 writers. Folks who know or can learn GuideXSL (if you know HTML, you
37 can learn GuideXSL) and can help put our policies and procedures to
38 paper so they can be published on the security page. A lot of the
39 work
40 here will be talking to a bunch of different folks to understand how
41 things work currently and then compiling that in a form that is easy
42 to
43 understand for external users.
45 3) Tools folks -- this is less important as Tim (plasmaroo) has been
46 doing
47 a nice job so far, but I'm sure he wouldn't mind some help as he has
48 a
49 number of other responsibilities as well. We have a decent GLSA
50 creation tool at the moment that works well. We'd like to use this
51 as
52 the foundation for some other security-related tools that will help
53 us
54 smooth out our internal processes. (Things like assinging various
55 security bugs to specific bug wranglers so we know who is working on
56 what, etc.) This requires a good knowledge of PHP.
58 4) Security bug reporters -- Folks who comb the various external lists
59 for
60 new security vulnerability reports and file bugs on
61 so
62 we know about them as well. We've been fortunate so far since our
63 community has done an excellent job of this. We can always use more
64 eyes, however. If you have very little time, this is a perfect way
65 to
66 help out as you don't have to be part of the official team.
68 I'm sure there are other needs as well, but these are the ones that
69 spring
70 to mind.
72 --kurt
76 --
77 gentoo-security@g.o mailing list