Anyone interested in contributing the Gentoo kernel security project?
Basic roles here are to handle vulnerabilities (both minor and major) in the kernel. The issues come in from databases such as cve.mitre.org, usually with patches, and you have to coordinate those patches flowing into the portage tree.
The usual process is to have a bug on the Gentoo bugzilla per security report. Initially you get me to include the patch in genpatches, then you CC maintainers of all other affected kernels and pester them until they have fixed their kernel, either by including the newer genpatches or by adding the patch individually.
This isn't a terribly interesting task, but is important and we're behind on issue tracking here. The thing that will make it interesting is that after getting a grasp of how the system works, we are looking for someone to develop software to help us track the security bugs and help communicate that info to users (who typically want to know when a new kernel fixes a security issue, so that they can upgrade). This software would probably be web-based.
Anyone interested? http://www.gentoo.org/proj/en/security/kernel.xml Thanks, Daniel -- [EMAIL PROTECTED] mailing list
