public inbox for gentoo-kernel@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-kernel] More manpower needed for Gentoo Kernel Security project
@ 2007-05-20 20:03 Daniel Drake
  2007-05-20 20:53 ` [gentoo-kernel] " Christian Heim
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Daniel Drake @ 2007-05-20 20:03 UTC (permalink / raw
  To: gentoo-kernel

Anyone interested in contributing the Gentoo kernel security project?

Basic roles here are to handle vulnerabilities (both minor and major) in 
the kernel. The issues come in from databases such as cve.mitre.org, 
usually with patches, and you have to coordinate those patches flowing 
into the portage tree.

The usual process is to have a bug on the Gentoo bugzilla per security 
report. Initially you get me to include the patch in genpatches, then 
you CC maintainers of all other affected kernels and pester them until 
they have fixed their kernel, either by including the newer genpatches 
or by adding the patch individually.

This isn't a terribly interesting task, but is important and we're 
behind on issue tracking here. The thing that will make it interesting 
is that after getting a grasp of how the system works, we are looking 
for someone to develop software to help us track the security bugs and 
help communicate that info to users (who typically want to know when a 
new kernel fixes a security issue, so that they can upgrade). This 
software would probably be web-based.

Anyone interested?

http://www.gentoo.org/proj/en/security/kernel.xml

Thanks,
Daniel
-- 
gentoo-kernel@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 5+ messages in thread

* [gentoo-kernel] Re: More manpower needed for Gentoo Kernel Security project
  2007-05-20 20:03 [gentoo-kernel] More manpower needed for Gentoo Kernel Security project Daniel Drake
@ 2007-05-20 20:53 ` Christian Heim
  2007-05-21 10:03 ` [gentoo-kernel] " Charles Clément
  2007-05-21 13:25 ` Strake
  2 siblings, 0 replies; 5+ messages in thread
From: Christian Heim @ 2007-05-20 20:53 UTC (permalink / raw
  To: gentoo-kernel

[-- Attachment #1: Type: text/plain, Size: 392 bytes --]

On Sunday 20 May 2007 22:03:45 Daniel Drake wrote:
> Anyone interested in contributing the Gentoo kernel security project?

Once I stopped being a recruiter, I might have some more time for 
kernel(-security) related things ..

Regards,

   Christian

-- 
Christian Heim <phreak at gentoo.org>
GPG key ID: 9A9F68E6
Fingerprint: AEC4 87B8 32B8 4922 B3A9 DF79 CAE3 556F 9A9F 68E6

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-kernel] More manpower needed for Gentoo Kernel Security project
  2007-05-20 20:03 [gentoo-kernel] More manpower needed for Gentoo Kernel Security project Daniel Drake
  2007-05-20 20:53 ` [gentoo-kernel] " Christian Heim
@ 2007-05-21 10:03 ` Charles Clément
  2007-05-21 11:45   ` Robert Clark
  2007-05-21 13:25 ` Strake
  2 siblings, 1 reply; 5+ messages in thread
From: Charles Clément @ 2007-05-21 10:03 UTC (permalink / raw
  To: gentoo-kernel

On Sun, May 20, 2007 at 04:03:45PM -0400, Daniel Drake wrote:
>  Anyone interested in contributing the Gentoo kernel security project?

Yes, I would like to be involve in such a project but what are the
requirements for such a task?

>  http://www.gentoo.org/proj/en/security/kernel.xml
> 
>  Thanks,
>  Daniel
>  -- 
>  gentoo-kernel@gentoo.org mailing list

-- 
Charles Clément.
-- 
gentoo-kernel@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-kernel] More manpower needed for Gentoo Kernel Security project
  2007-05-21 10:03 ` [gentoo-kernel] " Charles Clément
@ 2007-05-21 11:45   ` Robert Clark
  0 siblings, 0 replies; 5+ messages in thread
From: Robert Clark @ 2007-05-21 11:45 UTC (permalink / raw
  To: gentoo-kernel

I'd love to help out. see you on IRC

On 21/05/07, Charles Clément <caratorn@gmail.com> wrote:
> On Sun, May 20, 2007 at 04:03:45PM -0400, Daniel Drake wrote:
> >  Anyone interested in contributing the Gentoo kernel security project?
>
> Yes, I would like to be involve in such a project but what are the
> requirements for such a task?
>
> >  http://www.gentoo.org/proj/en/security/kernel.xml
> >
> >  Thanks,
> >  Daniel
> >  --
> >  gentoo-kernel@gentoo.org mailing list
>
> --
> Charles Clément.
> --
> gentoo-kernel@gentoo.org mailing list
>
>


-- 
/**
  * Gentoo Linux Developer
  * GPG : 0x2217D168
  */
--
gentoo-kernel@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-kernel] More manpower needed for Gentoo Kernel Security project
  2007-05-20 20:03 [gentoo-kernel] More manpower needed for Gentoo Kernel Security project Daniel Drake
  2007-05-20 20:53 ` [gentoo-kernel] " Christian Heim
  2007-05-21 10:03 ` [gentoo-kernel] " Charles Clément
@ 2007-05-21 13:25 ` Strake
  2 siblings, 0 replies; 5+ messages in thread
From: Strake @ 2007-05-21 13:25 UTC (permalink / raw
  To: gentoo-kernel

[-- Attachment #1: Type: text/plain, Size: 1514 bytes --]

I can help

On 5/20/07, Daniel Drake <dsd@gentoo.org > wrote:
>
> Anyone interested in contributing the Gentoo kernel security project?
>
> Basic roles here are to handle vulnerabilities (both minor and major) in
> the kernel. The issues come in from databases such as cve.mitre.org,
> usually with patches, and you have to coordinate those patches flowing
> into the portage tree.
>
> The usual process is to have a bug on the Gentoo bugzilla per security
> report. Initially you get me to include the patch in genpatches, then
> you CC maintainers of all other affected kernels and pester them until
> they have fixed their kernel, either by including the newer genpatches
> or by adding the patch individually.
>
> This isn't a terribly interesting task, but is important and we're
> behind on issue tracking here. The thing that will make it interesting
> is that after getting a grasp of how the system works, we are looking
> for someone to develop software to help us track the security bugs and
> help communicate that info to users (who typically want to know when a
> new kernel fixes a security issue, so that they can upgrade). This
> software would probably be web-based.
>
> Anyone interested?
>
> http://www.gentoo.org/proj/en/security/kernel.xml
>
> Thanks,
> Daniel
> --
> gentoo-kernel@gentoo.org mailing list
>
>


-- 
Registered Linux User #392061
counter.li.org
--------
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
--------
Roses are Red
Violets are Blue
In Soviet Russia
Poem Writes YOU!

[-- Attachment #2: Type: text/html, Size: 2416 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2007-05-21 13:27 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-05-20 20:03 [gentoo-kernel] More manpower needed for Gentoo Kernel Security project Daniel Drake
2007-05-20 20:53 ` [gentoo-kernel] " Christian Heim
2007-05-21 10:03 ` [gentoo-kernel] " Charles Clément
2007-05-21 11:45   ` Robert Clark
2007-05-21 13:25 ` Strake

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox