What can I do to help ?

There are different areas where you can help the Ubuntu Security Team.

Help on the mailing list and the IRC channel

You can lend a hand with people's questions and problems on the mailing list and the IRC channel:

Write documentation

FAQ items and KnowledgeBase areas need to be written. See the Roadmap for details.

Test security features

Testing the existing security features of Ubuntu can done to improve both documentation and to help find bugs. You can also test and participate in the development of new security features that are being developed.

Find security bugs

Find new security issues in existing Ubuntu software. If you find something, file a bug.

Triage security bugs

Go through the list of security bugs in Ubuntu, and triage them.

Fix security bugs

Review open security bugs, find/write patches, build and test the fixes. Providing patches for security vulnerabilities is an excellent way to learn about Ubuntu processes and develop the skills necessary to become an Ubuntu developer. Please see UpdateProcedures for details.

Ubuntu shares many of the same source packages as Debian, so in addition to applying patches to Ubuntu from upstream sources, people can also get involved by performing merges from Debian. A list of potential candidates can be found in the D2U CVE tracker. For more information on merging, see UbuntuDevelopment/Merging.

Highlighted packages:

The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See the available merges and SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see SecurityTeam/GettingInvolved.

Develop new security features

The Wishlist section of the Roadmap has many great ideas for new improvements to be made to Ubuntu's security.

How to become a member of the Ubuntu Security Team

The Ubuntu Security Team really consists of four sub-teams:

  • motu-swat: this team creates and tests security updates in Universe packages

    • to become a member, help with Universe security updates for a while, and then get the approval of one of the team administrators.
  • ubuntu-hardened: this team develops and tests proactive security features in Ubuntu.

  • ubuntu-whitehat: this team is dedicated to "do not harm" while auditing and testing Ubuntu software and infrastructure, looking for new security issues

  • ubuntu-security: this is a closed team responsible for performing security update publications


SecurityTeam/GettingInvolved (last edited 2011-09-12 15:44:13 by jdstrand)