Here is the status update for the Security team, wrt 2005 objectives. - Recruit new team members
We should have two new GLSA coordinators (on probation) as soon as the recruitment freeze is over. The objective for the rest of the year is to recruit more people in US/Pacific TZ to ensure a constant watch (most current GLSA coordinators are Europe-based). - Put new procedures in place to ensure kernel security This joint venture with the kernel team is quite advanced now. The kernel security subproject has been created and the Kernel Interactive Security Status system (KISS) is in beta phase. - Improve auditing The addition of Tavis Ormandy and Rob Holland to the auditors team was very beneficial, and the number of vulnerabilities found by the Gentoo Security Audit team now competes with the top other distribution audit teams (Debian, RedHat, SuSE). - Get official CVE compatibility We completed the first steps towards that goal. -- Thierry Carrez (Koon) Operational Manager, Gentoo Linux Security -- gentoo-dev@gentoo.org mailing list
