DragonFly BSD
DragonFly kernel List (threaded) for 2004-11

Re: DragonFly Security Officer and Security Team


To: "Devon H. O'Dell" <dodell@xxxxxxxxxxxxxxx>
From: Hiten Pandya <hmp@xxxxxxxxxxxxx>
Date: Thu, 18 Nov 2004 17:35:38 +0000

It is not just about picking committers with free time and better understanding of code. The people elected should have more than adequate knowledge of security concepts.

To conclude, all I am saying is that such a team is not necessary right now; but... when we do plan on creating such a team, I would rather put people with a proven track record in security-related things and just anyone. I do not mean to offend anyone's attempt at contribution or giving their time.

Kind regards,

Hiten Pandya

Devon H. O'Dell wrote:
Hello all,

``Who can act as a security officer and participate in a security team for our project?''

This is a question that I've discussed before with the members of #DragonFlyBSD when I joined the project. At the time, it seemed to be considered a bit of an unnecessary position. I think as our project grows, we will need to formalize this matter a bit. There are good, specific reasons to organize a team and a head for this matter; it makes inter-project communication regarding security vulnerabilities easier and safer.

Unfortunately, obscurity is critical when a vulnerability is discovered. As it stands, it is difficult to find anybody to contact privately when such a matter is revealed. It may or may not be obvious to some who the head developers of the project are and it may or may not be obvious whether or not they have time to deal with the issue.

I think formalization of this issue is in order. I certainly have time to work in a team and I can probably even allocate enough to act as an officer, but I'm not a committer and have contributed relatively little to the project code-wise (the lockf(2) patch being virtually everything, disregarding installer work and giving my 2 cents on every subject that's discussed on IRC), so I'm not sure that I am the most qualified person for either of these positions.

I'm certainly up for serving as either (officer / team member) and failing either would certainly work to coordinate the gathering of a team which is qualified for such a position.

I hope we can get something worked out with this.

Kind regards,

Devon H. O'Dell


