From: "Casey Link" <unnamedrambler@gmail.com>
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] Kernel Security + KISS
Date: Thu, 21 Feb 2008 22:55:17 -0500
Message-ID: <fb3727060802211955j54f27760g1ae36c7510f6ebb1@mail.gmail.com>
In-Reply-To: <b18fbe3c0802211826k7fc21d09gf78e6c9be188ad0c@mail.gmail.com>

Here are some day-to-day duties that will need to get done. This
isn't exhaustive, just the results of a few minutes of brainstorming:

* Stalking the places vulnerabilities are announced (CVE, mailing
  lists, etc.) to create the relevant bug.
* Determine which upstream (kernel.org) version has the fix and make
  the whiteboard entry in bugzilla.
* Determine which sources are affected
* Nag kernel maintainers to patch their sources
* Find patches and discussion to link to the kernel maintainers to
  ease their patching (and ideally encourage them to patch faster)
* As sources are patched update the whiteboard
* Release GLSAs of unaffected packages (?)

Some framework and specification needs to be laid, but that is a
general outline of the process I think. None of those duties require
programming experience at all. Of course crafting patches to send to
the kernel maintainers would be another helpful thing to do. Ideally
this would be made pretty simple with some nifty tools, however
manpower is going to be required regardless.

There are still the glaring issues of (1) the best way to notify users
of vulnerabilities, and (2) how to enforce rapid-ish response by
kernel maintainers. I think the best way to approach (2) is to be
amicable towards the maintainers. Point them in the right direction,
send them patches, etc., rather than spamming "OMG! Patch
foo-sources!" every day. Maybe we could give them candy or something.

Casey

On Thu, Feb 21, 2008 at 9:26 PM, Eduardo Tongson <propolice@gmail.com> wrote:
> Yes. We should each have assigned tasks which will depend on our
> respective skill and trait.
>
> -- ed*eonsec
>
>
>
> On Fri, Feb 22, 2008 at 3:28 AM, doppelgaenger <bm2600@gmail.com> wrote:
> > George Prowse wrote:
> > > Eduardo Tongson wrote:
> > >> Nice plan. I think you are more able to lead. Can we communicate more
> > >> in email perhaps a google group or list. IRC is not efficient for
> > >> people in different timezones.
> > >>
> > >> -- ed*eonsec
> > >>
> > > I agree, a list or group would be better at pooling the people at your
> > > disposal
> >
> > I also think it would be a good idea to set up some requirements profile
> > so people can identify them self in some kind of matrix ?
> >
> > I basically volunteer but not sure what use I could be with a background
> > as an ISO, limited time and basic C knowledge.
> >
> > --doppelgaenger
> >
> >
> > --
> > gentoo-security@lists.gentoo.org mailing list