From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.62) (envelope-from ) id 1Hq7us-00088s-8H for garchives@archives.gentoo.org; Mon, 21 May 2007 13:27:14 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l4LDP7wn005962; Mon, 21 May 2007 13:25:07 GMT Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.250]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l4LDP52e005885 for ; Mon, 21 May 2007 13:25:06 GMT Received: by an-out-0708.google.com with SMTP id b33so432727ana for ; Mon, 21 May 2007 06:25:03 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=TqXC6prPHNLSoxS7yqa7uTIPwHRqpIW22D33wtmcprykCReicnhqh2gWpl9u7dggeTkDm3HZdFr1i6MaIXrd7i9MauW5+SafXL0L/HMabICzcSymioDhASxK6ifIN/CYyI37WvGwWC9imX4sxFWyUmK7hdoXAqHzZvJaectwQto= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=flwFyrHWvDFY+Oc/OLtvCRV0jodbe4fWsydEYnAXCzaHTgcajEzUin2Fm5rsMH0g0SFyADhMZWU3XqoG4gicQ2SvzGOiofW9uFB0v4lnUxzCKTM44S1qHVUxDDuJjOxrJPwOQXiQltRJIFi72Bp6N7daaYpO/OiQTCks53dGAgc= Received: by 10.100.178.7 with SMTP id a7mr2968054anf.1179753903640; Mon, 21 May 2007 06:25:03 -0700 (PDT) Received: by 10.101.68.9 with HTTP; Mon, 21 May 2007 06:25:03 -0700 (PDT) Message-ID: Date: Mon, 21 May 2007 09:25:03 -0400 From: Strake To: gentoo-kernel@lists.gentoo.org Subject: Re: [gentoo-kernel] More manpower needed for Gentoo Kernel Security project In-Reply-To: <4650A9A1.90202@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-kernel@gentoo.org Reply-to: gentoo-kernel@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_115888_5225364.1179753903498" References: <4650A9A1.90202@gentoo.org> X-Archives-Salt: 3084bcb0-1590-4d25-aea6-8f029d5ebdee X-Archives-Hash: a55775522128987b326ef9aebab97a9c ------=_Part_115888_5225364.1179753903498 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline I can help On 5/20/07, Daniel Drake wrote: > > Anyone interested in contributing the Gentoo kernel security project? > > Basic roles here are to handle vulnerabilities (both minor and major) in > the kernel. The issues come in from databases such as cve.mitre.org, > usually with patches, and you have to coordinate those patches flowing > into the portage tree. > > The usual process is to have a bug on the Gentoo bugzilla per security > report. Initially you get me to include the patch in genpatches, then > you CC maintainers of all other affected kernels and pester them until > they have fixed their kernel, either by including the newer genpatches > or by adding the patch individually. > > This isn't a terribly interesting task, but is important and we're > behind on issue tracking here. The thing that will make it interesting > is that after getting a grasp of how the system works, we are looking > for someone to develop software to help us track the security bugs and > help communicate that info to users (who typically want to know when a > new kernel fixes a security issue, so that they can upgrade). This > software would probably be web-based. > > Anyone interested? > > http://www.gentoo.org/proj/en/security/kernel.xml > > Thanks, > Daniel > -- > gentoo-kernel@gentoo.org mailing list > > -- Registered Linux User #392061 counter.li.org -------- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 -------- Roses are Red Violets are Blue In Soviet Russia Poem Writes YOU! ------=_Part_115888_5225364.1179753903498 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I can help

On 5/20/07, Daniel Drake <dsd@gentoo.org > wrote:
Anyone interested in contributing the Gentoo kernel security project?

Basic roles here are to handle vulnerabilities (both minor and major) in
the kernel. The issues come in from databases such as cve.mitre.org,
usually with patches, and you have to coordinate those patches flowing
into the portage tree.

The usual process is to have a bug on the Gentoo bugzilla per security
report. Initially you get me to include the patch in genpatches, then
you CC maintainers of all other affected kernels and pester them until
they have fixed their kernel, either by including the newer genpatches
or by adding the patch individually.

This isn't a terribly interesting task, but is important and we're
behind on issue tracking here. The thing that will make it interesting
is that after getting a grasp of how the system works, we are looking
for someone to develop software to help us track the security bugs and
help communicate that info to users (who typically want to know when a
new kernel fixes a security issue, so that they can upgrade). This
software would probably be web-based.

Anyone interested?

http://www.gentoo.org/proj/en/security/kernel.xml

Thanks,
Daniel
--
gentoo-kernel@gentoo.org mailing list




--
Registered Linux User #392061
counter.li.org
--------
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
--------
Roses are Red
Violets are Blue
In Soviet Russia
Poem Writes YOU! ------=_Part_115888_5225364.1179753903498-- -- gentoo-kernel@gentoo.org mailing list