User:Sam/Security

This page is intended to provide useful resources for performing security project work in Gentoo (e.g. identifying vulnerable packages, finding bugs to triage).

= Bundled libraries =

I started a list of such packages.

= Sources =

See this page for sources of new release information.

= Bugzilla =

Searches

 * Waiting for an ebuild (upstream have released a fixed version)
 * Patch available; may want to wait for new release (ask maintainer)
 * Waiting for upstream (may have been fixed since last checked, meaning we may change to upstream/ebuild or ebuild if a release was made)
 * Waiting to stable (maintainer may or may not have told us to wait; sometimes we need to ping and ask if there has been no comment from them for a little while)
 * Stabilisation (note that sometimes we need to ping arches if it's been a while, sometimes people forget to change the whiteboard to this, or sometimes stable is done and we need to change to cleanup)

= Repology =

Note that Repology isn't necessarily accurate: we may have patched vulnerabilities or already have open bugs, but it's a good sanity check.

We may need to create bugs for issues flagged up by this.


 * Potentially vulnerable
 * Potentially vulnerable and out of date
 * maintainer-needed packages (all, not necessarily vulnerable, but it is particularly worth checking the ChangeLog for these)
 * maintainer-needed (potentially vulnerable)