[arch-security] Division of Labor

RbN r.b.n at riseup.net
Tue Mar 11 16:30:49 EDT 2014


> If we all take a ML or two, share what we're doing, then we'll divide the
> labor and be more efficient at keeping Arch secure.

Good idea, I think the best way to manage that is by categories of packages, 
like language interpreters, frameworks etc.

People with a good technical level would be able to not only file bug reports 
about CVEs, but also write/comment on patches, test stuff, speak to upstream, etc.

I think we should manage to get people dealing with:
- perl and associated software
- python and associated software
- java and associated software
- ruby and associated software
- Xorg stuff
- gtk and associated DE/software
- qt and associated DE/software
- etc.

The job is basically just to follow mailing lists (both development and user), 
security advisories (if any) and bug trackers on a regular basis. You will 
quickly learn the different kinds of vulnerabilities if you don't know them 
already.
For the languages, I think it's better to be able to deal with both the 
interpreter level (often written in C) and the language level.
And of course, there is enough space for more than one person per category.

RbN