Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Gentoo Linux Security Team
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Koon
Retired Dev
Retired Dev


Joined: 10 Dec 2002
Posts: 518

PostPosted: Tue Nov 16, 2004 12:52 pm    Post subject: Gentoo Linux Security Team Reply with quote

Hello everyone,

This topic will introduce you to the Gentoo Linux Security Team, what it does and what help we need, as well as giving a few useful pointers.

The Gentoo Linux Security project is tasked with timely resolution of security issues in software provided through the Portage tree. That's our main task, reaction to known issues and confidential ones, pushing Gentoo package maintainers and arch teams to provide fixed stable ebuilds and issuing GLSAs. We also do preventive actions through our Audit subproject. We do not handle Gentoo Infrastructure security, other than giving expert advice when we're asked.

The main information point for Gentoo Security is the Gentoo Security page. You will find recent GLSAs, instructions on how to submit security problems and all online pointers on this main page :

http://security.gentoo.org/

Unfortunately, we don't have as much free time as we would want, and we don't follow the forums very closely. If you notice a new vulnerability, or an error in a published GLSA, you should submit a new bug in Gentoo Bugzilla and we'll handle it. Vulnerabilities must be filed under Product=Gentoo Security and Component=Vulnerabilities. GLSA errors should be filed under Product=Gentoo Security and Component=GLSA Errors.

We follow a precise policy when handling these vulnerabilities. Our process is completely open, except when handling non-public vulnerabilities that are sent to us on condition that we do not publish them before a specific date. You can observe and join us on the #gentoo-security Freenode IRC channel, where all Security members hang out.

You might wonder what you can do to help us. We mostly need GLSA Coordinators, to scout for new security bugs, draft and review GLSAs, handle security bugs and publish GLSAs. This job needs a small but constant commitment, as you will be assigned security bugs that need updating at least once per day. You start as a scout, submitting new vulnerability bugs in Bugzilla and helping solving security issues, to finally be appointed as a Gentoo Security developer and send GLSAs under your own name. You can learn about the security recruitment process at the Security Padawans page.

If you are interested to join, please read the GLSA Coordinators Guide to see what the job really is about, drop an email to security@gentoo.org with your name and background, and start to submit new vulnerabilities and help on existing bugs (search for bugs owned by security@gentoo.org).

Thanks for your attention :)

--
Koon
Operational Manager, Gentoo Linux Security
Back to top
View user's profile Send private message
luca
Guru
Guru


Joined: 11 Feb 2004
Posts: 374

PostPosted: Wed Aug 16, 2006 8:28 am    Post subject: Reply with quote

Is there something like
Code:
emerge security

which only updates software related to security ?

LuCa
Back to top
View user's profile Send private message
aqu
Apprentice
Apprentice


Joined: 12 Nov 2005
Posts: 249
Location: Kalisz, Poland

PostPosted: Wed Aug 16, 2006 6:52 pm    Post subject: Reply with quote

read security docs next time :/
---EDITED---
first emerge gentoolkit
Code:
emerge gentoolkit

---EDITED---
Code:
glsa-check -t all

to check on which bugs your system is affected
Code:
glsa-check -p $(glsa-check -t all)

to check which packages will be emerged
Code:
glsa-check -f $(glsa-check -t all)

to emerge those upgrades
_________________
Security is like Ogres and Onions, they have layers.
Linux - Registered user #415939

adopt an unanswered post
Back to top
View user's profile Send private message
desultory
Bodhisattva
Bodhisattva


Joined: 04 Nov 2005
Posts: 9410

PostPosted: Thu Mar 20, 2014 3:55 am    Post subject: Reply with quote

Split off "Handling GLSAs when no upgrade path is evident.".
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum