Forums

Skip to content

Advanced search
  • Quick links
    • Unanswered topics
    • Active topics
    • Search
  • FAQ
  • Login
  • Register
  • Board index Assistance Networking & Security
  • Search

Gentoo Linux Security Team

Having problems getting connected to the internet or running a server? Wondering about securing your box? Ask here.
Post Reply
Advanced search
4 posts • Page 1 of 1
Author
Message
Koon
Retired Dev
Retired Dev
User avatar
Posts: 518
Joined: Tue Dec 10, 2002 9:33 am

Gentoo Linux Security Team

  • Quote

Post by Koon » Tue Nov 16, 2004 12:52 pm

Hello everyone,

This topic will introduce you to the Gentoo Linux Security Team, what it does and what help we need, as well as giving a few useful pointers.

The Gentoo Linux Security project is tasked with timely resolution of security issues in software provided through the Portage tree. That's our main task, reaction to known issues and confidential ones, pushing Gentoo package maintainers and arch teams to provide fixed stable ebuilds and issuing GLSAs. We also do preventive actions through our Audit subproject. We do not handle Gentoo Infrastructure security, other than giving expert advice when we're asked.

The main information point for Gentoo Security is the Gentoo Security page. You will find recent GLSAs, instructions on how to submit security problems and all online pointers on this main page :

http://security.gentoo.org/

Unfortunately, we don't have as much free time as we would want, and we don't follow the forums very closely. If you notice a new vulnerability, or an error in a published GLSA, you should submit a new bug in Gentoo Bugzilla and we'll handle it. Vulnerabilities must be filed under Product=Gentoo Security and Component=Vulnerabilities. GLSA errors should be filed under Product=Gentoo Security and Component=GLSA Errors.

We follow a precise policy when handling these vulnerabilities. Our process is completely open, except when handling non-public vulnerabilities that are sent to us on condition that we do not publish them before a specific date. You can observe and join us on the #gentoo-security Freenode IRC channel, where all Security members hang out.

You might wonder what you can do to help us. We mostly need GLSA Coordinators, to scout for new security bugs, draft and review GLSAs, handle security bugs and publish GLSAs. This job needs a small but constant commitment, as you will be assigned security bugs that need updating at least once per day. You start as a scout, submitting new vulnerability bugs in Bugzilla and helping solving security issues, to finally be appointed as a Gentoo Security developer and send GLSAs under your own name. You can learn about the security recruitment process at the Security Padawans page.

If you are interested to join, please read the GLSA Coordinators Guide to see what the job really is about, drop an email to security@gentoo.org with your name and background, and start to submit new vulnerabilities and help on existing bugs (search for bugs owned by security@gentoo.org).

Thanks for your attention :)

--
Koon
Operational Manager, Gentoo Linux Security
Top
luca
Guru
Guru
Posts: 374
Joined: Wed Feb 11, 2004 1:54 pm

  • Quote

Post by luca » Wed Aug 16, 2006 8:28 am

Is there something like

Code: Select all

emerge security
which only updates software related to security ?

LuCa
Top
aqu
Apprentice
Apprentice
User avatar
Posts: 249
Joined: Sat Nov 12, 2005 8:10 am
Location: Kalisz, Poland
Contact:
Contact aqu
Website

  • Quote

Post by aqu » Wed Aug 16, 2006 6:52 pm

read security docs next time :/
---EDITED---
first emerge gentoolkit

Code: Select all

emerge gentoolkit
---EDITED---

Code: Select all

glsa-check -t all
to check on which bugs your system is affected

Code: Select all

glsa-check -p $(glsa-check -t all)
to check which packages will be emerged

Code: Select all

glsa-check -f $(glsa-check -t all)
to emerge those upgrades
Security is like Ogres and Onions, they have layers.
Linux - Registered user #415939
adopt an unanswered post
Top
desultory
Bodhisattva
Bodhisattva
User avatar
Posts: 9410
Joined: Fri Nov 04, 2005 6:07 pm

  • Quote

Post by desultory » Thu Mar 20, 2014 3:55 am

Split off "[topic=986818]Handling GLSAs when no upgrade path is evident.[/topic]".
Top
Post Reply
4 posts • Page 1 of 1

Return to “Networking & Security”

Jump to
  • Assistance
  • ↳   News & Announcements
  • ↳   Frequently Asked Questions
  • ↳   Installing Gentoo
  • ↳   Multimedia
  • ↳   Desktop Environments
  • ↳   Networking & Security
  • ↳   Kernel & Hardware
  • ↳   Portage & Programming
  • ↳   Gamers & Players
  • ↳   Other Things Gentoo
  • ↳   Unsupported Software
  • Discussion & Documentation
  • ↳   Documentation, Tips & Tricks
  • ↳   Gentoo Chat
  • ↳   Gentoo Forums Feedback
  • ↳   Duplicate Threads
  • International Gentoo Users
  • ↳   中文 (Chinese)
  • ↳   Dutch
  • ↳   Finnish
  • ↳   French
  • ↳   Deutsches Forum (German)
  • ↳   Diskussionsforum
  • ↳   Deutsche Dokumentation
  • ↳   Greek
  • ↳   Forum italiano (Italian)
  • ↳   Forum di discussione italiano
  • ↳   Risorse italiane (documentazione e tools)
  • ↳   Polskie forum (Polish)
  • ↳   Instalacja i sprzęt
  • ↳   Polish OTW
  • ↳   Portuguese
  • ↳   Documentação, Ferramentas e Dicas
  • ↳   Russian
  • ↳   Scandinavian
  • ↳   Spanish
  • ↳   Other Languages
  • Architectures & Platforms
  • ↳   Gentoo on ARM
  • ↳   Gentoo on PPC
  • ↳   Gentoo on Sparc
  • ↳   Gentoo on Alternative Architectures
  • ↳   Gentoo on AMD64
  • ↳   Gentoo for Mac OS X (Portage for Mac OS X)
  • Board index
  • All times are UTC
  • Delete cookies

© 2001–2026 Gentoo Foundation, Inc.

Powered by phpBB® Forum Software © phpBB Limited

Privacy Policy

 

 

magic