From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from [140.105.134.102] (helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1DiTR6-0003DE-C3 for garchives@archives.gentoo.org; Wed, 15 Jun 2005 08:39:48 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j5F8cNd0012878; Wed, 15 Jun 2005 08:38:23 GMT Received: from smtp.gentoo.org (smtp.gentoo.org [134.68.220.30]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j5F8aiPW009284 for ; Wed, 15 Jun 2005 08:36:45 GMT Received: from user.scort.com ([213.41.103.70] helo=[10.1.10.18]) by smtp.gentoo.org with esmtpa (Exim 4.43) id 1DiTOt-0003R9-NU for gentoo-dev@lists.gentoo.org; Wed, 15 Jun 2005 08:37:31 +0000 Message-ID: <42AFE8CB.4010606@gentoo.org> Date: Wed, 15 Jun 2005 10:37:31 +0200 From: Thierry Carrez Organization: Gentoo Linux User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050325) X-Accept-Language: en-us, en Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: [gentoo-dev] Security status update X-Enigmail-Version: 0.90.2.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: 2a7b21fe-6341-47a4-aa40-a4248cccc74b X-Archives-Hash: b9da89ea12de7044ba2ff028d14e5d48 Here is the status update for the Security team, wrt 2005 objectives. - Recruit new team members We should have two new GLSA coordinators (on probation) as soon as the recruitment freeze is over. The objective for the rest of the year is to recruit more people in US/Pacific TZ to ensure a constant watch (most current GLSA coordinators are Europe-based). - Put new procedures in place to ensure kernel security This joint venture with the kernel team is quite advanced now. The kernel security subproject has been created and the Kernel Interactive Security Status system (KISS) is in beta phase. - Improve auditing The addition of Tavis Ormandy and Rob Holland to the auditors team was very beneficial, and the number of vulnerabilities found by the Gentoo Security Audit team now competes with the top other distribution audit teams (Debian, RedHat, SuSE). - Get official CVE compatibility We completed the first steps towards that goal. -- Thierry Carrez (Koon) Operational Manager, Gentoo Linux Security -- gentoo-dev@gentoo.org mailing list