Re: [gentoo-security] the Gentoo Audit project and dev-util/splint

[Robert Buchholz <rbu@gentoo.org>]

[-- Attachment #1: Type: text/plain, Size: 1551 bytes --]

Hello Mansour,

On Wednesday 10 June 2009, Mansour Moufid wrote:
> > But keep in mind there is a certain amount of work that comes with
> > this.
>
> How much time would members typically put in, say, per week? I
> imagine it's difficult to estimate an 'average' -- since most of the
> time spent is probably in actually reviewing source code -- but I'm
> looking forward to contributing a decent number of hours a week as
> part of this project. Effort is certainly no deterrent.

As with most oss projects, you put in the amount of time you are 
comfortable with. There's usually more items on the TODO stack than you 
can handle anyway, so you either let it rest for a few days/weeks when 
you are busy, or work off large chunks when you have some time to burn.

To get you started, I would suggest you look for tasks that sound 
interesting. There are several bugs that need attention. Some of them 
are in the "Gentoo Security/Audit" section of Bugzilla. Mondo-rescue's 
latest version needs to be looked at, for example: 
https://bugs.gentoo.org/show_bug.cgi?id=106497

There is a list of packages bundling libraries. Some of these might have 
security impact: 
https://bugs.gentoo.org/showdependencytree.cgi?id=251464

There's also some of the "Gentoo Security/Vulnerabilities" bugs that 
need attention. If you're seeking to discover new vulnerabilities 
instead of working on details of existing bugs, can literally start 
anywhere you like.

Contact us in IRC or via Jabber if you need assistance.

Robert

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]