From: Robert Buchholz
To: gentoo-security@lists.gentoo.org
Cc: Mansour Moufid
Subject: Re: [gentoo-security] the Gentoo Audit project and dev-util/splint
Date: Thu, 11 Jun 2009 16:13:20 +0200

Hello Mansour,

On Wednesday 10 June 2009, Mansour Moufid wrote:
> > But keep in mind there is a certain amount of work that comes with
> > this.
>
> How much time would members typically put in, say, per week? I
> imagine it's difficult to estimate an 'average' -- since most of the
> time spent is probably in actually reviewing source code -- but I'm
> looking forward to contributing a decent number of hours a week as
> part of this project. Effort is certainly no deterrent.

As with most OSS projects, you put in the amount of time you are
comfortable with. There are usually more items on the TODO stack than you
can handle anyway, so you either let it rest for a few days/weeks when
you are busy, or work off large chunks when you have some time to burn.

To get you started, I would suggest you look for tasks that sound
interesting. There are several bugs that need attention. Some of them
are in the "Gentoo Security/Audit" section of Bugzilla. Mondo-rescue's
latest version needs to be looked at, for example:
https://bugs.gentoo.org/show_bug.cgi?id=106497

There is a list of packages bundling libraries. Some of these might have
security impact:
https://bugs.gentoo.org/showdependencytree.cgi?id=251464

There are also some of the "Gentoo Security/Vulnerabilities" bugs that
need attention. If you're seeking to discover new vulnerabilities
instead of working on details of existing bugs, you can literally start
anywhere you like.

Contact us in IRC or via Jabber if you need assistance.

Robert