When someone volunteers on the security team, the first role they are asked to fill is that of a “Scout.” In this role, they primarily work to learn of newly disclosed vulnerabilities, determine if it applies to Gentoo, verify that a bug does not already exist, and then open bugs as appropriate. I wish I could say that this job is out-of-this-world-fantastic-fun. But that just isn’t always the case. At the same time I think that done right, it doesn’t have to be that bad.
So what does “done right” even mean? I am not sure. I can only tell you what “right” means for me, and some of the things I’ve done in recent months to learn of new issues quickly without being buried beneath an unactionable mound of email. I should mention too that I don’t think this is a conclusive list that will work wonders for everyone. Certainly not. So if you’re doing something similar that works well for you, please do let me know about it.
So all that said, let’s dive into it…