[aur-general] Trusted User application: Levente Polyak

Thu Mar 19 19:39:09 UTC 2015

Hello,
My name is Christian Rebischke. Maybe you read of me in the Archlinux-Security
Mailinglist too (when not Levente was faster than me with the ASAs again :D ). I
want to say some words to the application of Levente Polyak as Trusted User.
I am not familiar with the aur-general mailinglist so I hope that I don't break
some rules here. 

I know him personally since last year October and everything what I can say
about him is that he is a very helpful, intelligent and polite person. He is the
same person who showed me the Archlinux Security Mailinglist and helped me with
my first ASAs after I had decided to help there.

I am one of those persons he had mentioned and  I would really 
appreciate when there would be more security related packages in the community 
repository. Moreover I am sure that there are more people who would appreciate this.

To his work at the mailinglist. He makes an awesome job there. He reacts very
fast on updates in the upstream and in the repositories and is really interested
in a way how we can increase the performance and the workflow  even more. 
I am sure that his security tracker will make a good job in the future.

Thank your for your time.

best regards,

--------------------------------------------------------------
Christian Rebischke

Website    : www.nullday.de
Twitter    : @sh1bumi
Jabber     : shibumi at jabber.ccc.de
PGP        : 0x8D8172C8
Fingerprint: A224 6F57 FD0A AC81 3971 EEBE 5EDA 916B 3A2A 7C49
--------------------------------------------------------------

On Fri, Mar 20, 2015 at 01:44:01AM +0800, Felix Yan wrote:
> On 03/20/2015 01:05 AM, Levente Polyak wrote:
> > Hello everyone,
> > 
> > My name is Levente Polyak (also known as anthraxx) and I would like to
> > apply to become an Arch Linux TU. First at all I wanted to thank Felix
> > Yan for being my sponsor for this journey.
> 
> I'm glad to sponsor you Levente, and I think we are already familiar
> with your name on the security list.
> 
> Let the discussion begin!
> 
> --
> Felix
> 
> > I was born in 1986 in Budapest (Hungary) and I'm currently working as a
> > software developer and security engineer / pentester in Hamburg
> > (Germany). I use GNU/Linux since something around 2001 and over the
> > years collected lot of experience with different distributions and
> > setups, going from SUSE over Debian and Ubuntu to Gentoo (and some
> > others just for testing or education purpose). I was never fully
> > satisfied with any of those, however with Gentoo I became acquainted
> > with the concept of rolling releases which since then I don't wanted to
> > ever miss. Finally around 2011 I gave Arch Linux a try and within a very
> > short period of time I got fully addicted to its simplicity, flexibility
> > and up-to-dateness. It was the first distribution were I started to feel
> > like being "home" without having anything that annoyed me.
> > 
> > I started maintaining packages in the AUR in 2013 and it didn't took
> > long until I noticed that I evolved a passion for doing that. Since then
> > I adopted and submitted several tools and libraries [0] that I find
> > useful and/or use myself.
> > When I find packaging issues or software bugs I contact upstream about
> > the problems and/or contribute to the code directly. To name some:
> > binwalk, lynis, shellnoob, xortool, selene, minitube...
> > 
> > Besides my packaging activities I am very active in the Arch CVE
> > Monitoring Team [1] since the first security advisory proposal of Remi
> > [2]. As part of the team I track all relevant CVEs [3] which affect our
> > official packages, push mitigation for important issues via bug reports
> > and publish Arch Linux security advisories (ASA) [4] to the
> > arch-security mailing list [5]. I'm also interested in developing for
> > the Arch Linux ecosystem and as I noticed that the wiki became quite
> > painful for tracking and handling the mitigation procedure, I started
> > building a security tracker. If my current plan sum up I will be able to
> > provide a preview of this soonish.
> > 
> > My packages reflect my emphasis related to security, but my general
> > interest in maintaining is not limited to that. However, I experienced
> > that in various security and forensics circles Arch Linux is often being
> > used and people are frequently crying why some of their daily tools are
> > not available in the official repositories.
> > 
> > If I became a TU, I would like to start with moving the following
> > packages maintained by me to [community]: lynis, pyrit, binwalk,
> > sslstrip, p0f, cowpatty, perl-term-extendedcolor, smali, volatility,
> > vit, hexer.
> > 
> > Additionally I would love to also move some packages maintained by other
> > users to [community] but currently its just an idea as I did not yet ask
> > them what they think about this step: radare2, capstone, zmap, zaproxy,
> > hydra, medusa, nikto, snort, foremost, xpdf, pngcrush, wavemon,
> > python-colorama (+ python2-colorama).
> > 
> > On top of this I also had a look at the currently orphaned packages in
> > [community] and I would like to adopt the following packages: ansible,
> > awesome, cclive, codeblocks, fail2ban, fish, ncmpcpp, id3v2.
> > 
> > As a small fadeout, besides all of the above, my favorite hobbies are
> > hanging around at the local CCC hackerspace in Hamburg, playing it-sec
> > CTFs, watching animes, geocaching and playing boardgames.
> > 
> > Kind regards,
> > Levente
> > 
> > [0] https://aur.archlinux.org/packages/?SeB=m&K=anthraxx
> > [1] https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team
> > [2]
> > https://lists.archlinux.org/pipermail/arch-security/2014-September/000098.html
> > [3] https://wiki.archlinux.org/index.php/CVE
> > [4] https://wiki.archlinux.org/index.php/Security_Advisorie
> > [5] https://lists.archlinux.org/listinfo/arch-security
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20150319/0d6b1fe3/attachment.asc>