Gentoo Archives: gentoo-security

From: theboywho <theboywho@×××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] For folks interested in helping with gentoo security efforts
Date: Thu, 18 Mar 2004 19:22:26
Message-Id: 200403181922.32390.theboywho@ruddyperl.com
In Reply to: [gentoo-security] For folks interested in helping with gentoo security efforts by Kurt Lieber
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 I would be able to help out with (3) - i do a lot of PHP work for my current
5 job - how can i help?
6
7 On Thursday 18 Mar 2004 14:17, Kurt Lieber wrote:
8 > All --
9 >
10 > Based on recent threads, I thought I'd articulate some of the areas where
11 > the gentoo security team needs assistance. These are listed in order of
12 > priority, but all of the positions are very important to our efforts to
13 > have a cohesive security team.
14 >
15 > 1) Security bug wranglers -- we need folks to watch Bugzilla for new
16 > security bugs. When new bugs come in, they need to validate them, work
17 > with the dev team to get things patched and (at the same time) work on
18 > writing up the GLSA so it's ready for publication at the same time the
19 > patched ebuilds are.
20 >
21 > 2) Documentation writers -- we *really* need 1 or 2 good documentation
22 > writers. Folks who know or can learn GuideXSL (if you know HTML, you
23 > can learn GuideXSL) and can help put our policies and procedures to
24 > paper so they can be published on the security page. A lot of the work
25 > here will be talking to a bunch of different folks to understand how
26 > things work currently and then compiling that in a form that is easy to
27 > understand for external users.
28 >
29 > 3) Tools folks -- this is less important as Tim (plasmaroo) has been doing
30 > a nice job so far, but I'm sure he wouldn't mind some help as he has a
31 > number of other responsibilities as well. We have a decent GLSA
32 > creation tool at the moment that works well. We'd like to use this as
33 > the foundation for some other security-related tools that will help us
34 > smooth out our internal processes. (Things like assinging various
35 > security bugs to specific bug wranglers so we know who is working on
36 > what, etc.) This requires a good knowledge of PHP.
37 >
38 > 4) Security bug reporters -- Folks who comb the various external lists for
39 > new security vulnerability reports and file bugs on bugs.gentoo.org so
40 > we know about them as well. We've been fortunate so far since our
41 > community has done an excellent job of this. We can always use more
42 > eyes, however. If you have very little time, this is a perfect way to
43 > help out as you don't have to be part of the official team.
44 >
45 > I'm sure there are other needs as well, but these are the ones that spring
46 > to mind.
47 >
48 > --kurt
49 -----BEGIN PGP SIGNATURE-----
50 Version: GnuPG v1.2.4 (GNU/Linux)
51
52 iD8DBQFAWfbrL2tdvgIqSMkRAhovAKC33UUKl0HmpsDP7He8SRzAOR3YeACgoavm
53 DdpyNP+uwo7RDzhPawUmS5I=
54 =hSEx
55 -----END PGP SIGNATURE-----
56
57 --
58 gentoo-security@g.o mailing list