Re: security team?



On Wed, Apr 8, 2009 at 12:54 AM, jesseblehman@xxxxxxxxx
<jesseblehman@xxxxxxxxx> wrote:
> Thank you very much.  I'm very sick today, but as soon as I can concentrate
> I'll get things started.  I'd love to get this going :)
>
> Jesse
>
> On Wed, 8 Apr 2009, Christophe Lincoln wrote:
>
>>
>>> Hello all!
>>
>> Hi,
>>
>>> I really enjoy using SliTaz.  The combination of excellent packaging
>>> tools and an elegant design makes it the perfect distro for me to
>>> tweak and mess around with.  However, I have an idea that might
>>> improve the distro.  I think that it would be awesome to have a
>>> security page on SliTaz Labs and a security response team to maintain
>>> it.  When one of the packages in the SliTaz repos released a security
>>> update, a team member would add an issue to the Labs page and start to
>>> work on packaging the patched version.  The patched package could be
>>> put online in a separate space until the package maintainer had time
>>> to look at and approve it.
>>
>> A really, really good initiative! We tried to do our best for 1.0 and the
>> 450 packages, but now with ~1400, we need a security maintainer and
>> team.
>>
>>> I would be happy to start this and start getting things patched.  This
>>> seems like a really good way to keep SliTaz safe from preventable
>>> security issues.
>>>
>>> What are your thoughts?
>>
>> If you are ok, I will create a new project on the Labs (sub-project of
>> distro), with default settings. You just have to create an account on
>> the Labs to be able to configure and manage the security project.
>>
>>> Jesse Lehman
>>
>> Welcome to the project,
>> - Christophe


I think this is a great idea and would definitely improve SliTaz.
Perhaps as a start you could describe how the process might work, from
how you're notified of packages needing security fixes, through to an
updated version of that package being available?  Perhaps the process
could be modeled on the approach already taken by other distributions?

It would be useful to somehow get a list of installed packages for
which security issues have been identified.


Regards,

Russell Dickenson
Australia

---
SliTaz GNU/Linux Mailing list - http://www.slitaz.org/

