The Gentoo Security Team has updated the Security Padawans process and status document with one relatively minor change. New padawans are now explicitly asked to use IRC for questions whenever possible instead of pinging individual team members.
This is in part because the security team has seen a huge surge in new recruits (which is of course a very good problem to have), and secondarily because it benefits everyone to see questions answered in the open.
So if you’re a padawan, interested in becoming one, or just want to get a better understanding of how we work, drop into #gentoo-security on freenode.
When someone volunteers on the security team, the first role they are asked to fill is that of a “Scout.” In this role, they primarily work to learn of newly disclosed vulnerabilities, determine whether they apply to Gentoo, verify that a bug does not already exist, and then open bugs as appropriate. I wish I could say that this job is out-of-this-world-fantastic-fun. But that just isn’t always the case. At the same time I think that done right, it doesn’t have to be that bad.
So what does “done right” even mean? I am not sure. I can only tell you what “right” means for me, and some of the things I’ve done in recent months to learn of new issues quickly without being buried beneath an unactionable mound of email. I should mention too that I don’t think this is a conclusive list that will work wonders for everyone. Certainly not. So if you’re doing something similar that works well for you, please do let me know about it.
So all that said, let’s dive into it…