[arch-security] Division of Labor
Salutations and Felicitations!

The arch-security ML is a great idea.

I'd like to help, but I'm not sure where I'm best placed. I have time to watch a couple of mailing lists for security announcements.

But I feel I need to know who is doing what, so that I'm not duplicating someone else's work, a sort of division of labor.

If we all take a ML or two, share what we're doing, then we'll divide the labor and be more efficient at keeping Arch secure.

What think ye?

BW

------------------------------------------[00(01|10)11]------------------------------------------
Billy Wayne McCann, Ph.D.
Google+ <https://plus.google.com/+BillyWayneMcCann>
PGP Key <http://pgp.mit.edu/pks/lookup?op=get&search=0x223A2CAA56146040>
irc://irc.freenode.net:bwayne
MzM0LTcwMy0wMTIyCg== | base64 -d
"A rich man will always desire what his wealth cannot acquire." ~ Faust (Goethe)
------------------------------------------[11(10|01)00]------------------------------------------
On 11.03.2014 04:41, Billy McCann wrote:
> Salutations and Felicitations!
>
> The arch-security ML is a great idea.
>
> I'd like to help, but I'm not sure where I'm best placed. I have time to watch a couple of mailing lists for security announcements.
>
> But I feel I need to know who is doing what, so that I'm not duplicating someone else's work, a sort of division of labor.
>
> If we all take a ML or two, share what we're doing, then we'll divide the labor and be more efficient at keeping Arch secure.
>
> What think ye?

If you want to take the initiative on this, why don't you create a wiki page where we can list projects to watch and who is watching what.
I'll begin the wiki. I should first read and digest the "Contributing" page. I've never initiated a page.

There must be others on the list. If so, please identify any packages for which you'd like to be responsible. A simple response such as "YOURNAME" ====> {pkg1, pkg2} or similar would be excellent.

BW

On Tue, Mar 11, 2014 at 5:18 AM, Thomas Bächler <thomas@archlinux.org> wrote:
> If you want to take the initiative on this, why don't you create a wiki page where we can list projects to watch and who is watching what.
> _______________________________________________
> arch-security mailing list
> arch-security@archlinux.org
> https://mailman.archlinux.org/mailman/listinfo/arch-security

> If we all take a ML or two, share what we're doing, then we'll divide the labor and be more efficient at keeping Arch secure.

Good idea, I think the best way to manage that is by categories of packages, like language interpreters, frameworks etc. People with good technical level would be able to not only file bug reports about CVEs, but write/comment on patches, test stuff, speak to upstream etc.

I think we should manage to get people dealing with:
- perl and associated software
- python and associated software
- java and associated software
- ruby and associated software
- Xorg stuff
- gtk and associated DE/software
- qt and associated DE/software
- etc.

The job is basically just to follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. You will quickly learn the different kinds of vulnerabilities if you don't know that already.

For the languages, I think it's better to be able to deal at both the interpreter level (often written in C) and the language level.

And of course, there is enough space for more than one person per category.

RbN

participants (3)
- Billy McCann
- RbN
- Thomas Bächler