1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
I would be able to help out with (3) - i do a lot of PHP work for my current |
5 |
job - how can i help? |
6 |
|
7 |
On Thursday 18 Mar 2004 14:17, Kurt Lieber wrote: |
8 |
> All -- |
9 |
> |
10 |
> Based on recent threads, I thought I'd articulate some of the areas where |
11 |
> the gentoo security team needs assistance. These are listed in order of |
12 |
> priority, but all of the positions are very important to our efforts to |
13 |
> have a cohesive security team. |
14 |
> |
15 |
> 1) Security bug wranglers -- we need folks to watch Bugzilla for new |
16 |
> security bugs. When new bugs come in, they need to validate them, work |
17 |
> with the dev team to get things patched and (at the same time) work on |
18 |
> writing up the GLSA so it's ready for publication at the same time the |
19 |
> patched ebuilds are. |
20 |
> |
21 |
> 2) Documentation writers -- we *really* need 1 or 2 good documentation |
22 |
> writers. Folks who know or can learn GuideXSL (if you know HTML, you |
23 |
> can learn GuideXSL) and can help put our policies and procedures to |
24 |
> paper so they can be published on the security page. A lot of the work |
25 |
> here will be talking to a bunch of different folks to understand how |
26 |
> things work currently and then compiling that in a form that is easy to |
27 |
> understand for external users. |
28 |
> |
29 |
> 3) Tools folks -- this is less important as Tim (plasmaroo) has been doing |
30 |
> a nice job so far, but I'm sure he wouldn't mind some help as he has a |
31 |
> number of other responsibilities as well. We have a decent GLSA |
32 |
> creation tool at the moment that works well. We'd like to use this as |
33 |
> the foundation for some other security-related tools that will help us |
34 |
> smooth out our internal processes. (Things like assinging various |
35 |
> security bugs to specific bug wranglers so we know who is working on |
36 |
> what, etc.) This requires a good knowledge of PHP. |
37 |
> |
38 |
> 4) Security bug reporters -- Folks who comb the various external lists for |
39 |
> new security vulnerability reports and file bugs on bugs.gentoo.org so |
40 |
> we know about them as well. We've been fortunate so far since our |
41 |
> community has done an excellent job of this. We can always use more |
42 |
> eyes, however. If you have very little time, this is a perfect way to |
43 |
> help out as you don't have to be part of the official team. |
44 |
> |
45 |
> I'm sure there are other needs as well, but these are the ones that spring |
46 |
> to mind. |
47 |
> |
48 |
> --kurt |
49 |
-----BEGIN PGP SIGNATURE----- |
50 |
Version: GnuPG v1.2.4 (GNU/Linux) |
51 |
|
52 |
iD8DBQFAWfbrL2tdvgIqSMkRAhovAKC33UUKl0HmpsDP7He8SRzAOR3YeACgoavm |
53 |
DdpyNP+uwo7RDzhPawUmS5I= |
54 |
=hSEx |
55 |
-----END PGP SIGNATURE----- |
56 |
|
57 |
-- |
58 |
gentoo-security@g.o mailing list |