DragonFly Security Officer and Security Team
Devon H. O'Dell
dodell at sitetronics.com
Wed Nov 17 08:27:14 PST 2004
``Who can act as a security officer and participate in a security team
for our project?''
This is a question that I've discussed before with the members of
#DragonFlyBSD when I joined the project. At the time, it seemed to be
considered a bit of an unnecessary position. I think as our project
grows, we will need to formalize this matter a bit. There are good,
specific reasons to organize a team and a head for this matter; it makes
inter-project communication regarding security vulnerabilities easier
Unfortunately, obscurity is critical when a vulnerability is discovered.
As it stands, it is difficult to find anybody to contact privately when
such a matter is revealed. It may or may not be obvious to some who the
head developers of the project are and it may or may not be obvious
whether or not they have time to deal with the issue.
I think formalization of this issue is in order. I certainly have time
to work in a team and I can probably even allocate enough to act as an
officer, but I'm not a committer and have contributed relatively little
to the project code-wise (the lockf(2) patch being virtually everything,
disregarding installer work and giving my 2 cents on every subject
that's discussed on IRC), so I'm not sure that I am the most qualified
person for either of these positions.
I'm certainly up for serving as either (officer / team member) and
failing either would certainly work to coordinate the gathering of a
team which is qualified for such a position.
I hope we can get something worked out with this.
Devon H. O'Dell
More information about the Kernel