[oi-dev] Security Work
Alasdair Lumsden
alasdairrr at gmail.com
Mon Jan 24 13:04:00 UTC 2011
Hi All,
I've put together two security resources (You'll need to be in the
security group of the wiki to see this - if you're a long standing
OI-Dev developer mail me offlist and we can discuss getting you access).
http://wiki.openindiana.org/display/security/Release+2010.02
http://wiki.openindiana.org/display/security/Security+Issues+with+oi_148
The initial supported list has expanded somewhat when critical
dependencies are taken into account:
Sendmail
Perl
Python
Apache
PHP
MySQL
Postgresql
Tomcat
GCC
OpenSSL
Java
RSync
ISC
Bash
Curl
GNU
bzip2
gzip
unzip
zip
wget
sudo
zlib
sqlite-3
libjpeg
libpng
apr
apr-util
expat
libltdl
libxml2
libxslt
ncurses
readline
tcl-8
tk-8
net-snmp
libx11
On the wiki page I still need to fill in their version and
consolidation, and update the security issues page for them - if anyone
else would like to help me do that, let me know (I'd appreciate it).
At the moment our staffing numbers to maintain this are quite low and as
such it's a lot of work. But as the saying goes, "many hands make light
work".
So I'd like to ask if anyone would object to me posting to
OpenIndiana-Discuss asking for security volunteers? We'll need to ensure
we get trustworthy people capable of helping rather than hindering.
I'm thinking volunteers would be best served by having a mentor, and
that we should group the software together by consolidation.
We may want to write a job spec and split it into two parts - one
"Monitoring and Alerting", for less technical people, and the other
"Patching and building" for those who can learn to build consolidations.
I'd appreciate feedback.
Cheers,
Alasdair
More information about the oi-dev
mailing list