# Gentoo Linux Security Team

## Koon

Hello everyone,

This topic will introduce you to the Gentoo Linux Security Team, what it does and what help we need, as well as giving a few useful pointers.

The Gentoo Linux Security project is tasked with timely resolution of security issues in software provided through the Portage tree. That's our main task: reaction to known issues and confidential ones, pushing Gentoo package maintainers and arch teams to provide fixed stable ebuilds and issuing GLSAs. We also do preventive actions through our Audit subproject. We do not handle Gentoo Infrastructure security, other than giving expert advice when we're asked.

The main information point for Gentoo Security is the Gentoo Security page. You will find recent GLSAs, instructions on how to submit security problems and all online pointers on this main page:

http://security.gentoo.org/

Unfortunately, we don't have as much free time as we would want, and we don't follow the forums very closely. If you notice a new vulnerability, or an error in a published GLSA, you should submit a new bug in Gentoo Bugzilla and we'll handle it. Vulnerabilities must be filed under Product=Gentoo Security and Component=Vulnerabilities. GLSA errors should be filed under Product=Gentoo Security and Component=GLSA Errors.

We follow a precise policy when handling these vulnerabilities. Our process is completely open, except when handling non-public vulnerabilities that are sent to us on condition that we do not publish them before a specific date. You can observe and join us on the #gentoo-security Freenode IRC channel, where all Security members hang out.

You might wonder what you can do to help us. We mostly need GLSA Coordinators, to scout for new security bugs, draft and review GLSAs, handle security bugs and publish GLSAs. This job needs a small but constant commitment, as you will be assigned security bugs that need updating at least once per day. You start as a scout, submitting new vulnerability bugs in Bugzilla and helping solve security issues, to finally be appointed as a Gentoo Security developer and send GLSAs under your own name. You can learn about the security recruitment process at the Security Padawans page.

If you are interested in joining, please read the GLSA Coordinators Guide to see what the job really is about, drop an email to security@gentoo.org with your name and background, and start to submit new vulnerabilities and help on existing bugs (search for bugs owned by security@gentoo.org).

Thanks for your attention :)

-- 

Koon

Operational Manager, Gentoo Linux Security

----------

## luca

Is there something like

```
emerge security
```

which only updates software related to security?

LuCa

----------

## aqu

read security docs next time :/

---EDITED---

first emerge gentoolkit

```
emerge gentoolkit
```

---EDITED---

```
glsa-check -t all
```

to check on which bugs your system is affected

```
glsa-check -p $(glsa-check -t all)
```

to check which packages will be emerged

```
glsa-check -f $(glsa-check -t all)
```

to emerge those upgrades

----------
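The glsa-check steps from the reply above, as an added example that is not part of the original thread: a wrapper that skips the `-p`/`-f` call when `glsa-check -t all` reports nothing, instead of running it with an empty argument list. `GLSA_CHECK`, `glsa_affected` and `glsa_run` are hypothetical names, and the script assumes the affected GLSA IDs arrive on stdout one per line.

```shell
#!/bin/sh
# Added example (not from the thread): guarded wrapper around the
# glsa-check steps. GLSA_CHECK is a hypothetical override variable so
# the tool can be replaced by a stub when testing.
GLSA_CHECK="${GLSA_CHECK:-glsa-check}"

# Print the IDs of the GLSAs that affect this system, one per line.
# Assumption: "glsa-check -t all" writes the IDs (YYYYMM-NN) to stdout;
# any line that does not look like an ID is dropped.
glsa_affected() {
    "$GLSA_CHECK" -t all | grep -E '^[0-9]{6}-[0-9]{2,}$' || true
}

# glsa_run <flag>: run glsa-check with -p (preview) or -f (fix) on the
# affected IDs. Returns 0 without calling glsa-check when the list is
# empty, and 2 for any flag other than -p or -f.
glsa_run() {
    _flag="$1"
    case "$_flag" in
        -p|-f) ;;
        *) echo "usage: glsa_run -p|-f" >&2; return 2 ;;
    esac
    _ids="$(glsa_affected)"
    if [ -z "$_ids" ]; then
        echo "No applicable GLSAs; nothing to do."
        return 0
    fi
    # Word splitting is intended here: one argument per GLSA ID.
    "$GLSA_CHECK" "$_flag" $_ids
}

# When glsa-check is installed: always preview, apply only with --fix.
if command -v "$GLSA_CHECK" >/dev/null 2>&1; then
    glsa_run -p
    if [ "${1:-}" = "--fix" ]; then
        glsa_run -f
    fi
fi
```

----------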

## desultory

Split off "Handling GLSAs when no upgrade path is evident.".

----------

