On 5/20/07, Daniel Drake <dsd@gentoo.org > wrote:

Anyone interested in contributing the Gentoo kernel security project?

Basic roles here are to handle vulnerabilities (both minor and major) in
the kernel. The issues come in from databases such as cve.mitre.org,
usually with patches, and you have to coordinate those patches flowing
into the portage tree.

The usual process is to have a bug on the Gentoo bugzilla per security
report. Initially you get me to include the patch in genpatches, then
you CC maintainers of all other affected kernels and pester them until
they have fixed their kernel, either by including the newer genpatches
or by adding the patch individually.

This isn't a terribly interesting task, but is important and we're
behind on issue tracking here. The thing that will make it interesting
is that after getting a grasp of how the system works, we are looking
for someone to develop software to help us track the security bugs and
help communicate that info to users (who typically want to know when a
new kernel fixes a security issue, so that they can upgrade). This
software would probably be web-based.

Anyone interested?

http://www.gentoo.org/proj/en/security/kernel.xml

Thanks,
Daniel
--
gentoo-kernel@gentoo.org mailing list