Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Gentoo: Security

Gentoo Linux Security Team, pointers and help needed

 

 

Gentoo security RSS feed   Index | Next | Previous | View Threaded


koon at gentoo

Nov 16, 2004, 3:50 AM

Post #1 of 3 (782 views)
Permalink
Gentoo Linux Security Team, pointers and help needed

Hello everyone,

Some of the emails posted on this list show that we did not communicate
enough on what we do on the Security Team and that the current online
resources are not enough known. Here is a small report that should show
you who we are, what we do and what help we need.

The Gentoo Linux Security project is tasked with timely resolution of
security issues in software provided through the Portage tree. That's
our main task, reaction to known issues and confidential ones, pushing
Gentoo package maintainers and arch teams to provide fixed stable
ebuilds and issuing GLSAs. We also do preventive actions through our
Audit subproject. We do not handle Gentoo Infrastructure security, other
than giving expert advice when we're asked. You will find the Security
project at the following page (linked through "Projects" on the Gentoo
Main Page) :

http://www.gentoo.org/proj/en/security/

The main information point for Gentoo Security is the Gentoo Security
page. You will find recent GLSAs, instructions on how to submit security
problems and all online pointers on this main page :

http://security.gentoo.org/

We follow a precise policy when handling these vulnerabilities. You may
remember this was posted for discussion on this list a few months ago.
The current version of this policy is available at the following URL :

http://www.gentoo.org/security/en/vulnerability-policy.xml

Our process is completely open, except when handling non-public
vulnerabilities that are sent to us on condition that we do not publish
them before a specific date. You can observe and join us on the
#gentoo-security Freenode IRC channel, where all Security members hang out.

We've heard a lot of "help them rather than shout at them" speaks
recently, and you might wonder what you can do to help us. We mostly
need GLSA Coordinators, to scout for new security bugs, draft and review
GLSAs, handle security bugs and publish GLSAs. This job needs a small
but constant commitment, as you will be assigned security bugs that need
updating at least once per day. You start as a scout, submitting new
vulnerability bugs in Bugzilla and helping solving security issues, to
finally be appointed as a Gentoo Security developer and send GLSAs under
your own name. You can learn about the security recruitment process at
the Security Padawans page :

http://www.gentoo.org/security/en/padawans.xml

If you are interested to join, please read the GLSA Coordinators Guide
to see what the job really is about, drop us an email with your name and
background, and start to submit new vulnerabilities and help on
existing bugs (search for bugs owned by security [at] gentoo).

Thanks for your attention,

--
Thierry Carrez
Operational Manager, Gentoo Linux Security Team
Attachments: signature.asc (0.18 KB)


ch at awry

Nov 16, 2004, 10:50 AM

Post #2 of 3 (730 views)
Permalink
Re: Gentoo Linux Security Team, pointers and help needed [In reply to]

Thank you for this helpful explanation, Thierry.

One question, though:

Thierry Carrez wrote:

>We do not handle Gentoo Infrastructure security, other
>than giving expert advice when we're asked.
>

If not gentoo-security, than who?
Attachments: signature.asc (0.25 KB)


klieber at gentoo

Nov 16, 2004, 11:04 AM

Post #3 of 3 (728 views)
Permalink
Re: Gentoo Linux Security Team, pointers and help needed [In reply to]

On Tue, Nov 16, 2004 at 09:50:15AM -0800 or thereabouts, Chris Haumesser wrote:
> Thierry Carrez wrote:
>
> >We do not handle Gentoo Infrastructure security, other
> >than giving expert advice when we're asked.
> >
>
> If not gentoo-security, than who?

The Gentoo Infrastructure team.

--kurt

Gentoo security RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.