From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.62) (envelope-from <gentoo-kernel+bounces-217-garchives=archives.gentoo.org@gentoo.org>) id 1Hq7us-00088s-8H for garchives@archives.gentoo.org; Mon, 21 May 2007 13:27:14 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l4LDP7wn005962; Mon, 21 May 2007 13:25:07 GMT Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.250]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l4LDP52e005885 for <gentoo-kernel@lists.gentoo.org>; Mon, 21 May 2007 13:25:06 GMT Received: by an-out-0708.google.com with SMTP id b33so432727ana for <gentoo-kernel@lists.gentoo.org>; Mon, 21 May 2007 06:25:03 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=TqXC6prPHNLSoxS7yqa7uTIPwHRqpIW22D33wtmcprykCReicnhqh2gWpl9u7dggeTkDm3HZdFr1i6MaIXrd7i9MauW5+SafXL0L/HMabICzcSymioDhASxK6ifIN/CYyI37WvGwWC9imX4sxFWyUmK7hdoXAqHzZvJaectwQto= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=flwFyrHWvDFY+Oc/OLtvCRV0jodbe4fWsydEYnAXCzaHTgcajEzUin2Fm5rsMH0g0SFyADhMZWU3XqoG4gicQ2SvzGOiofW9uFB0v4lnUxzCKTM44S1qHVUxDDuJjOxrJPwOQXiQltRJIFi72Bp6N7daaYpO/OiQTCks53dGAgc= Received: by 10.100.178.7 with SMTP id a7mr2968054anf.1179753903640; Mon, 21 May 2007 06:25:03 -0700 (PDT) Received: by 10.101.68.9 with HTTP; Mon, 21 May 2007 06:25:03 -0700 (PDT) Message-ID: <ab87a3bf0705210625t13f2bc60k3e813208664175ff@mail.gmail.com> Date: Mon, 21 May 2007 09:25:03 -0400 From: Strake <strake888@gmail.com> To: gentoo-kernel@lists.gentoo.org Subject: Re: [gentoo-kernel] More manpower needed for Gentoo Kernel Security project In-Reply-To: <4650A9A1.90202@gentoo.org> Precedence: bulk List-Post: <mailto:gentoo-kernel@lists.gentoo.org> List-Help: <mailto:gentoo-kernel+help@gentoo.org> List-Unsubscribe: <mailto:gentoo-kernel+unsubscribe@gentoo.org> List-Subscribe: <mailto:gentoo-kernel+subscribe@gentoo.org> List-Id: Gentoo Linux mail <gentoo-kernel.gentoo.org> X-BeenThere: gentoo-kernel@gentoo.org Reply-to: gentoo-kernel@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_115888_5225364.1179753903498" References: <4650A9A1.90202@gentoo.org> X-Archives-Salt: 3084bcb0-1590-4d25-aea6-8f029d5ebdee X-Archives-Hash: a55775522128987b326ef9aebab97a9c ------=_Part_115888_5225364.1179753903498 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline I can help On 5/20/07, Daniel Drake <dsd@gentoo.org > wrote: > > Anyone interested in contributing the Gentoo kernel security project? > > Basic roles here are to handle vulnerabilities (both minor and major) in > the kernel. The issues come in from databases such as cve.mitre.org, > usually with patches, and you have to coordinate those patches flowing > into the portage tree. > > The usual process is to have a bug on the Gentoo bugzilla per security > report. Initially you get me to include the patch in genpatches, then > you CC maintainers of all other affected kernels and pester them until > they have fixed their kernel, either by including the newer genpatches > or by adding the patch individually. > > This isn't a terribly interesting task, but is important and we're > behind on issue tracking here. The thing that will make it interesting > is that after getting a grasp of how the system works, we are looking > for someone to develop software to help us track the security bugs and > help communicate that info to users (who typically want to know when a > new kernel fixes a security issue, so that they can upgrade). This > software would probably be web-based. > > Anyone interested? > > http://www.gentoo.org/proj/en/security/kernel.xml > > Thanks, > Daniel > -- > gentoo-kernel@gentoo.org mailing list > > -- Registered Linux User #392061 counter.li.org -------- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 -------- Roses are Red Violets are Blue In Soviet Russia Poem Writes YOU! ------=_Part_115888_5225364.1179753903498 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I can help<br><br><div><span class="gmail_quote">On 5/20/07, <b class="gmail_sendername">Daniel Drake</b> <<a href="mailto:dsd@gentoo.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">dsd@gentoo.org </a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Anyone interested in contributing the Gentoo kernel security project? <br> <br>Basic roles here are to handle vulnerabilities (both minor and major) in<br>the kernel. The issues come in from databases such as <a href="http://cve.mitre.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> cve.mitre.org</a>,<br>usually with patches, and you have to coordinate those patches flowing <br>into the portage tree.<br><br>The usual process is to have a bug on the Gentoo bugzilla per security<br>report. Initially you get me to include the patch in genpatches, then<br>you CC maintainers of all other affected kernels and pester them until <br>they have fixed their kernel, either by including the newer genpatches<br>or by adding the patch individually.<br><br>This isn't a terribly interesting task, but is important and we're<br>behind on issue tracking here. The thing that will make it interesting <br>is that after getting a grasp of how the system works, we are looking<br>for someone to develop software to help us track the security bugs and<br>help communicate that info to users (who typically want to know when a <br>new kernel fixes a security issue, so that they can upgrade). This<br>software would probably be web-based.<br><br>Anyone interested?<br><br><a href="http://www.gentoo.org/proj/en/security/kernel.xml" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> http://www.gentoo.org/proj/en/security/kernel.xml </a><br><br>Thanks,<br>Daniel<br>--<br><a href="mailto:gentoo-kernel@gentoo.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">gentoo-kernel@gentoo.org</a> mailing list<br><br></blockquote></div> <br><br clear="all"><br>-- <br>Registered Linux User #392061<br><a href="http://counter.li.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> counter.li.org</a><br>--------<br>09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0<br>--------<br>Roses are Red<br>Violets are Blue<br>In Soviet Russia<br>Poem Writes YOU! ------=_Part_115888_5225364.1179753903498-- -- gentoo-kernel@gentoo.org mailing list