What can I do to help ?
There are different areas where you can help the Ubuntu Security Team.
Help on the mailing list and the IRC channel
You can lend a hand with people's questions and problems on the mailing list and the IRC channel:
subscribe to ubuntu-hardened mailing list.
- hang out in #ubuntu-security (aka #ubuntu-hardened) on the Freenode IRC.
participate in IRC workshops on security during UbuntuDeveloperWeek
Test security features
Testing the existing security features of Ubuntu can done to improve both documentation and to help find bugs. You can also test and participate in the development of new security features that are being developed.
Find security bugs
Find new security issues in existing Ubuntu software. If you find something, file a bug.
Triage security bugs
Go through the list of security bugs in Ubuntu, and triage them.
Fix security bugs
Review open security bugs, find/write patches, build and test the fixes. Providing patches for security vulnerabilities is an excellent way to learn about Ubuntu processes and develop the skills necessary to become an Ubuntu developer. Please see UpdateProcedures for details.
Ubuntu shares many of the same source packages as Debian, so in addition to applying patches to Ubuntu from upstream sources, people can also get involved by performing merges from Debian. A list of potential candidates can be found in the D2U CVE tracker. For more information on merging, see UbuntuDevelopment/Merging.
The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.
Develop new security features
The Wishlist section of the Roadmap has many great ideas for new improvements to be made to Ubuntu's security.
How to become a member of the Ubuntu Security Team
The Ubuntu Security Team really consists of four sub-teams:
motu-swat: this team creates and tests security updates in Universe packages
- to become a member, help with Universe security updates for a while, and then get the approval of one of the team administrators.
ubuntu-hardened: this team develops and tests proactive security features in Ubuntu.
to become a member, just apply for membership
ubuntu-whitehat: this team is dedicated to "do not harm" while auditing and testing Ubuntu software and infrastructure, looking for new security issues
to become a member, see the UbuntuWhiteHat wiki pages.
ubuntu-security: this is a closed team responsible for performing security update publications