Project:Security
Security Project | |
---|---|
Description | The Security Project's mission is to ensure that vulnerabilities in software accessible through the Portage tree are found and fixed in a timely manner, so that our users remain protected against known vulnerabilities. |
Project email | security@gentoo.org |
IRC channel | #gentoo-security (webchat) |
Bugs | Related bugs |
Lead(s) |
Last elected: 2022-08-20 |
Member(s) |
|
Subproject(s) (and inherited member(s)) |
(none) |
Parent Project | Gentoo |
Project listing |
When updating project membership, other places must be updated too: Bugzilla groups; woodpecker mailing list members; linux-distros membership; website (www.git)'s security page!
Contributors
The following Gentoo developers are not part of the team, but we would like to acknowledge their contributions to the project:
Contributor | Nickname | Contribution |
---|---|---|
Agostino Sarubbo | Agostino Sarubbo (ago) | Security Bug Coordination |
Paweł Hajdan | Paweł Hajdan, Jr. (phajdan.jr) | GLSA Coordination: Chromium, V8 |
Ned Ludd | solar | Security patches, Auditing |
Mike Frysinger | Mike Frysinger (vapier) | Security patches |
Stephan Hartmann | Stephan Hartmann (sultan) | Chromium (et al) bug coordination |
Meetings
The following meetings have been held so far by the Gentoo Linux Security project:
- Gentoo Security Project Meeting 2018-09-02 ( Log )
- Gentoo Security Project Meeting 2018-07-29 ( Log )
- Gentoo Security Project Meeting 2018-06-24 ( Log )
- Gentoo Security Project Meeting 2018-06-03 ( Log )
- Gentoo Security Project Meeting 2018-04-21 ( Log )
- Gentoo Security Project Meeting 2018-02-18 ( Log )
- Gentoo Security Project Meeting 2010-09-01 ( Log , Summary)
- Gentoo Security Project Meeting 2008-07-14 ( Log , Summary)
Recruitment
We are currently looking for users interested in helping the project with these jobs:
Title | Description | Requirements | Contact |
---|---|---|---|
GLSA Coordinators | Helping with the coordination of security bugs and GLSAs. More information on how to get in touch can be found on the Security Project page and in the linked resources. | Strong interest in security matters and good knowledge of written English. A professional security background is not required at all. | security@gentoo.org |
Becoming a Gentoo Security developer
How to join the team
To participate in the Gentoo Linux Security Project, feel free to introduce yourself via one of our communication media, such as email to security@gentoo.org or IRC in #gentoo-security (webchat). Participation in bug wrangling is a must; you will also need a Gentoo Bugzilla account. IRC is the best way to join the community: you will be able to talk to many of our developers and users for more information, or just to chat about the state of existing projects, both in terms of security and in the broader Gentoo world.
Users interested in participating should begin familiarizing themselves with the documentation referenced at the bottom of this page, in particular the Scouting Tips page, which will get you started with what you need to begin helping out with the project.
While users who wish to maintain complete anonymity will not be able to join as official Gentoo developers, their contributions to Gentoo Security are valued regardless of where they come from.
Supported kernel sources
Kernel source | Security liaison |
---|---|
sys-kernel/gentoo-sources | Gentoo Kernel project |
sys-kernel/gentoo-kernel, sys-kernel/gentoo-kernel-bin | Distribution Kernel project |
Resources
The Security Project offers several resources for varying target audiences.
Resources aimed at the general public include:
Resources aimed at new contributors include:
Useful Bugzilla searches:
- All open security bugs
- Open bugs with "upstream" in the whiteboard (i.e. needing upstream action)
- Open bugs with "ebuild" in the whiteboard (i.e. needing action in ::gentoo)
- Open bugs with "stable?" in the whiteboard (i.e. pending stablereq)
- Open bugs with "stable" in the whiteboard (i.e. waiting for stabilization to finish)
- Open bugs with "glsa?" in the whiteboard (i.e. waiting for glsa decision)
- Open bugs with "glsa" in the whiteboard (i.e. GLSA request is filed and pending release)
- Open bugs with "noglsa" in the whiteboard (i.e. a GLSA will not be released but the bug is open for some other reason)
Resources aimed at advanced contributors and team members include:
- GLSA Coordinators Guide, a guide for Security Team members
- Affiliations of the Security team with CERTs, other groups and mailing lists
Pages which are no longer used but remain undeleted for historical reasons: