Growing the Ubuntu Security Team community
As the Ubuntu SecurityTeam wiki pages grow, we need to build the community. Discuss improvements to the GettingInvolved and FAQ pages, as well as any other methods to help grow the security community around Ubuntu.
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: Marc Deslauriers
- Direction: Needs approval
- Assignee: None
- Definition: Discussion
- Series goal: None
- Implementation: Informational
- Milestone target: None
- Started by
- Completed by
Whiteboard
* Current Status
* contributions to universe updates
* perhaps take advantage of the fact that people can hone their skills
through security work
* contributions to main updates
* contributions to proactive security features
* SecurityTeam/
* Brainstorm on community participation
* IRC workshops?
* Blogs?
* "Universe packages of the week?" -- this would help, but only if you are
also available (we'll be in #ubuntu-security on ...)
* leverage the community team to get the information out
* Better tools?
* communication about needed apparmor profiles could be improved
* some focused event like suspend/resume with kernel team or maybe hug days.
this could be done with apparmor profiles ('Apparmor Week')
* always participate in Ubuntu Developer Week
* participate with security documentation
* maybe talk about what our needs are (eg universe, apparmor profiles, etc)
* participate with Hall of Fame or 5-a-day
* harvest
* get 6 month/yearly report and publish it to make security team more
visible
* automated test cases could be created for each release (AutoHotkey for
Windows allows replaying GUI actions for testing a PoC)
* perhaps look into applications to replay actions
* have a ppa to pull profiles from profile repositories and make them
available
* communicating the security team's needs can be handled (in part) by the
community team
* make testing very easy
* make-test-tarball is a start, but we also need to
create VMs easily. vm-tools is a start, but needs to be even easier (maybe
grab an image from somewhere...)
* Partici
* Philosophy
* be interested in them personally first (eg, ask them their opinion)
* go to IETF and talk up Ubuntu to attract security people (as opposed to
community people)
* possibly bring people in as consultants so they are interested in developing
on Ubuntu
* work closely with Debian
* focus and ask what is keeping people from adopting Ubuntu
* talk to server team about a survey about features. many of these will likely
be security features
* we should also identify several areas where we become experts and give all
the information -- eg if a salesperson is in front of a potential client and
is asked 'tell me about all your logging software' or 'tell me all the ways
you handle user credentials and authentication'
* Review the security wiki
- What works
- What doesn't
- What's missing
* New features
* auditd
* booth or presence at RSA conference
* user-friendly credentials management