[aur-general] Trusted User application: Levente Polyak

Felix Yan felixonmars at archlinux.org
Thu Mar 19 17:44:01 UTC 2015


On 03/20/2015 01:05 AM, Levente Polyak wrote:
> Hello everyone,
> 
> My name is Levente Polyak (also known as anthraxx) and I would like to
> apply to become an Arch Linux TU. First at all I wanted to thank Felix
> Yan for being my sponsor for this journey.

I'm glad to sponsor you Levente, and I think we are already familiar
with your name on the security list.

Let the discussion begin!

--
Felix

> I was born in 1986 in Budapest (Hungary) and I'm currently working as a
> software developer and security engineer / pentester in Hamburg
> (Germany). I use GNU/Linux since something around 2001 and over the
> years collected lot of experience with different distributions and
> setups, going from SUSE over Debian and Ubuntu to Gentoo (and some
> others just for testing or education purpose). I was never fully
> satisfied with any of those, however with Gentoo I became acquainted
> with the concept of rolling releases which since then I don't wanted to
> ever miss. Finally around 2011 I gave Arch Linux a try and within a very
> short period of time I got fully addicted to its simplicity, flexibility
> and up-to-dateness. It was the first distribution were I started to feel
> like being "home" without having anything that annoyed me.
> 
> I started maintaining packages in the AUR in 2013 and it didn't took
> long until I noticed that I evolved a passion for doing that. Since then
> I adopted and submitted several tools and libraries [0] that I find
> useful and/or use myself.
> When I find packaging issues or software bugs I contact upstream about
> the problems and/or contribute to the code directly. To name some:
> binwalk, lynis, shellnoob, xortool, selene, minitube...
> 
> Besides my packaging activities I am very active in the Arch CVE
> Monitoring Team [1] since the first security advisory proposal of Remi
> [2]. As part of the team I track all relevant CVEs [3] which affect our
> official packages, push mitigation for important issues via bug reports
> and publish Arch Linux security advisories (ASA) [4] to the
> arch-security mailing list [5]. I'm also interested in developing for
> the Arch Linux ecosystem and as I noticed that the wiki became quite
> painful for tracking and handling the mitigation procedure, I started
> building a security tracker. If my current plan sum up I will be able to
> provide a preview of this soonish.
> 
> My packages reflect my emphasis related to security, but my general
> interest in maintaining is not limited to that. However, I experienced
> that in various security and forensics circles Arch Linux is often being
> used and people are frequently crying why some of their daily tools are
> not available in the official repositories.
> 
> If I became a TU, I would like to start with moving the following
> packages maintained by me to [community]: lynis, pyrit, binwalk,
> sslstrip, p0f, cowpatty, perl-term-extendedcolor, smali, volatility,
> vit, hexer.
> 
> Additionally I would love to also move some packages maintained by other
> users to [community] but currently its just an idea as I did not yet ask
> them what they think about this step: radare2, capstone, zmap, zaproxy,
> hydra, medusa, nikto, snort, foremost, xpdf, pngcrush, wavemon,
> python-colorama (+ python2-colorama).
> 
> On top of this I also had a look at the currently orphaned packages in
> [community] and I would like to adopt the following packages: ansible,
> awesome, cclive, codeblocks, fail2ban, fish, ncmpcpp, id3v2.
> 
> As a small fadeout, besides all of the above, my favorite hobbies are
> hanging around at the local CCC hackerspace in Hamburg, playing it-sec
> CTFs, watching animes, geocaching and playing boardgames.
> 
> Kind regards,
> Levente
> 
> [0] https://aur.archlinux.org/packages/?SeB=m&K=anthraxx
> [1] https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team
> [2]
> https://lists.archlinux.org/pipermail/arch-security/2014-September/000098.html
> [3] https://wiki.archlinux.org/index.php/CVE
> [4] https://wiki.archlinux.org/index.php/Security_Advisorie
> [5] https://lists.archlinux.org/listinfo/arch-security

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20150320/520800bd/attachment.asc>


More information about the aur-general mailing list