From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.62)
	(envelope-from <gentoo-kernel+bounces-217-garchives=archives.gentoo.org@gentoo.org>)
	id 1Hq7us-00088s-8H
	for garchives@archives.gentoo.org; Mon, 21 May 2007 13:27:14 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l4LDP7wn005962;
	Mon, 21 May 2007 13:25:07 GMT
Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.250])
	by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l4LDP52e005885
	for <gentoo-kernel@lists.gentoo.org>; Mon, 21 May 2007 13:25:06 GMT
Received: by an-out-0708.google.com with SMTP id b33so432727ana
        for <gentoo-kernel@lists.gentoo.org>; Mon, 21 May 2007 06:25:03 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=TqXC6prPHNLSoxS7yqa7uTIPwHRqpIW22D33wtmcprykCReicnhqh2gWpl9u7dggeTkDm3HZdFr1i6MaIXrd7i9MauW5+SafXL0L/HMabICzcSymioDhASxK6ifIN/CYyI37WvGwWC9imX4sxFWyUmK7hdoXAqHzZvJaectwQto=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=flwFyrHWvDFY+Oc/OLtvCRV0jodbe4fWsydEYnAXCzaHTgcajEzUin2Fm5rsMH0g0SFyADhMZWU3XqoG4gicQ2SvzGOiofW9uFB0v4lnUxzCKTM44S1qHVUxDDuJjOxrJPwOQXiQltRJIFi72Bp6N7daaYpO/OiQTCks53dGAgc=
Received: by 10.100.178.7 with SMTP id a7mr2968054anf.1179753903640;
        Mon, 21 May 2007 06:25:03 -0700 (PDT)
Received: by 10.101.68.9 with HTTP; Mon, 21 May 2007 06:25:03 -0700 (PDT)
Message-ID: <ab87a3bf0705210625t13f2bc60k3e813208664175ff@mail.gmail.com>
Date: Mon, 21 May 2007 09:25:03 -0400
From: Strake <strake888@gmail.com>
To: gentoo-kernel@lists.gentoo.org
Subject: Re: [gentoo-kernel] More manpower needed for Gentoo Kernel Security project
In-Reply-To: <4650A9A1.90202@gentoo.org>
Precedence: bulk
List-Post: <mailto:gentoo-kernel@lists.gentoo.org>
List-Help: <mailto:gentoo-kernel+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-kernel+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-kernel+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-kernel.gentoo.org>
X-BeenThere: gentoo-kernel@gentoo.org
Reply-to: gentoo-kernel@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_115888_5225364.1179753903498"
References: <4650A9A1.90202@gentoo.org>
X-Archives-Salt: 3084bcb0-1590-4d25-aea6-8f029d5ebdee
X-Archives-Hash: a55775522128987b326ef9aebab97a9c

------=_Part_115888_5225364.1179753903498
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I can help

On 5/20/07, Daniel Drake <dsd@gentoo.org > wrote:
>
> Anyone interested in contributing the Gentoo kernel security project?
>
> Basic roles here are to handle vulnerabilities (both minor and major) in
> the kernel. The issues come in from databases such as cve.mitre.org,
> usually with patches, and you have to coordinate those patches flowing
> into the portage tree.
>
> The usual process is to have a bug on the Gentoo bugzilla per security
> report. Initially you get me to include the patch in genpatches, then
> you CC maintainers of all other affected kernels and pester them until
> they have fixed their kernel, either by including the newer genpatches
> or by adding the patch individually.
>
> This isn't a terribly interesting task, but is important and we're
> behind on issue tracking here. The thing that will make it interesting
> is that after getting a grasp of how the system works, we are looking
> for someone to develop software to help us track the security bugs and
> help communicate that info to users (who typically want to know when a
> new kernel fixes a security issue, so that they can upgrade). This
> software would probably be web-based.
>
> Anyone interested?
>
> http://www.gentoo.org/proj/en/security/kernel.xml
>
> Thanks,
> Daniel
> --
> gentoo-kernel@gentoo.org mailing list
>
>


-- 
Registered Linux User #392061
counter.li.org
--------
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
--------
Roses are Red
Violets are Blue
In Soviet Russia
Poem Writes YOU!

------=_Part_115888_5225364.1179753903498
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I can help<br><br><div><span class="gmail_quote">On 5/20/07, <b class="gmail_sendername">Daniel Drake</b> &lt;<a href="mailto:dsd@gentoo.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">dsd@gentoo.org
</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Anyone interested in contributing the Gentoo kernel security project?
<br>
<br>Basic roles here are to handle vulnerabilities (both minor and major) in<br>the kernel. The issues come in from databases such as <a href="http://cve.mitre.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
cve.mitre.org</a>,<br>usually with patches, and you have to coordinate those patches flowing
<br>into the portage tree.<br><br>The usual process is to have a bug on the Gentoo bugzilla per security<br>report. Initially you get me to include the patch in genpatches, then<br>you CC maintainers of all other affected kernels and pester them until
<br>they have fixed their kernel, either by including the newer genpatches<br>or by adding the patch individually.<br><br>This isn&#39;t a terribly interesting task, but is important and we&#39;re<br>behind on issue tracking here. The thing that will make it interesting
<br>is that after getting a grasp of how the system works, we are looking<br>for someone to develop software to help us track the security bugs and<br>help communicate that info to users (who typically want to know when a
<br>new kernel fixes a security issue, so that they can upgrade). This<br>software would probably be web-based.<br><br>Anyone interested?<br><br><a href="http://www.gentoo.org/proj/en/security/kernel.xml" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://www.gentoo.org/proj/en/security/kernel.xml
</a><br><br>Thanks,<br>Daniel<br>--<br><a href="mailto:gentoo-kernel@gentoo.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">gentoo-kernel@gentoo.org</a> mailing list<br><br></blockquote></div>
<br><br clear="all"><br>-- <br>Registered Linux User #392061<br><a href="http://counter.li.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
counter.li.org</a><br>--------<br>09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0<br>--------<br>Roses are Red<br>Violets are Blue<br>In Soviet Russia<br>Poem Writes YOU!

------=_Part_115888_5225364.1179753903498--
-- 
gentoo-kernel@gentoo.org mailing list