[oi-dev] Security Work

Garrett D'Amore garrett at nexenta.com
Mon Jan 24 16:39:35 UTC 2011 

Please make sure I get any security notices for things that are relevant
to illumos or ON.

	- Garrett

On Mon, 2011-01-24 at 13:04 +0000, Alasdair Lumsden wrote:
> Hi All,
> 
> I've put together two security resources (You'll need to be in the 
> security group of the wiki to see this - if you're a long standing 
> OI-Dev developer mail me offlist and we can discuss getting you access).
> 
> http://wiki.openindiana.org/display/security/Release+2010.02
> 
> http://wiki.openindiana.org/display/security/Security+Issues+with+oi_148
> 
> The initial supported list has expanded somewhat when critical 
> dependencies are taken into account:
> 
> Sendmail
> Perl
> Python
> Apache
> PHP
> MySQL
> Postgresql
> Tomcat
> GCC
> OpenSSL
> Java
> RSync
> ISC
> Bash
> Curl
> GNU
> bzip2
> gzip
> unzip
> zip
> wget
> sudo
> zlib
> sqlite-3
> libjpeg
> libpng
> apr
> apr-util
> expat
> libltdl
> libxml2
> libxslt
> ncurses
> readline
> tcl-8
> tk-8
> net-snmp
> libx11
> 
> 
> On the wiki page I still need to fill in their version and 
> consolidation, and update the security issues page for them - if anyone 
> else would like to help me do that, let me know (I'd appreciate it).
> 
> At the moment our staffing numbers to maintain this are quite low and as 
> such it's a lot of work. But as the saying goes, "many hands make light 
> work".
> 
> So I'd like to ask if anyone would object to me posting to 
> OpenIndiana-Discuss asking for security volunteers? We'll need to ensure 
> we get trustworthy people capable of helping rather than hindering.
> 
> I'm thinking volunteers would be best served by having a mentor, and 
> that we should group the software together by consolidation.
> 
> We may want to write a job spec and split it into two parts - one 
> "Monitoring and Alerting", for less technical people, and the other 
> "Patching and building" for those who can learn to build consolidations.
> 
> I'd appreciate feedback.
> 
> Cheers,
> 
> Alasdair
> 
> 
> _______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> http://openindiana.org/mailman/listinfo/oi-dev

More information about the oi-dev mailing list