From Fedora Project Wiki

No edit summary
(6 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{draft}}
{{draft}}
== Mission ==
To create a training program that creates competent, trusted members of the [[Security Team]] that can handle most every situation that could come their way.
== Background ==
When the [[Security Team]] was created we were forced to guess at what skills were needed and who would be right to work on potentially sensitive cases.  That was a bad way to start ''but'' I believe we're now beyond guessing.


== Requirements to be met ==
== Requirements to be met ==
=== Skills ===
=== Introduction ===
* [[Using security tracking features in Bugzilla]] and [[Security Bugs]]
Send the following information to the [https://lists.fedoraproject.org/mailman/listinfo/security Security Team mailing list].
* [[Understand CVEs]]
* Name (pseudonym) and FAS ID
* [[Understanding Packaging Process]] and [[Packaging Policies]]
* GPG Key Fingerprint (attach GPG public key to email)
* [[Basic Understanding of Software and System Security Principles]]
* Interests
* Why do you want to join the [[Security Team]]?


=== Time in Service ===
== Reading ==
* [[Security Team Mission]]
* [[Security Team Goals]]
* [[Security Team Work Flow]]
* [[Policy_for_nonresponsive_package_maintainers|Non-Responsive Maintainer Policy]]
* [[Packaging:Guidelines| Packaging Guidelines]] (You don't need to read all of this, but you need to know how to find it)


=== Trustworthiness ===
== Training ==


== Completing the requirements ==
* [https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/ RHEL 7 Security Guide]
* [https://access.redhat.com/security/updates/classification Red Hat Security Classification]
* [https://cve.mitre.org/about/faqs.html CVE FAQ]
* [http://www.candlepinproject.org/presentations/pki-crash-course PKI Course]


== Resources ==
== On-the-job Training ==
* Shadow mentor through a ticket and patch process.
* Lead ticket and patch process with mentor shadowing.


=== Security Training ===
[[Category:Security Team]]
* [https://fedoraproject.org/wiki/Information_Security_Training Information Security Training]
=== Packaging Policies and Procedures ===
* [https://fedoraproject.org/wiki/Join_the_package_collection_maintainers?rd=PackageMaintainers/Join Becoming a Packager]
* [http://fedoraproject.org/wiki/Policy_for_nonresponsive_package_maintainers Non-Responsive Maintainer Policy]
=== CVE Description and Use ===
* [https://cve.mitre.org/ CVE Central]
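Review bot: In the Introduction list, the item "GPG Key Fingerprint (attach GPG public key to email)" has the applicant send the fingerprint and the public key in the same message to the mailing list, so the fingerprint confirms nothing that the attached key does not already assert. Consider stating how the team checks the fingerprint through a separate channel before trusting the key. Separately, the PKI Course link and the second Non-Responsive Maintainer Policy link use http:// while the other external links use https://; switch them if the hosts support it.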

Latest revision as of 15:24, 18 February 2021

This page is a draft only
It is still under construction and content may change. Do not rely on the information on this page.

Requirements to be met

Introduction

Send the following information to the Security Team mailing list.

  • Name (pseudonym) and FAS ID
  • GPG Key Fingerprint (attach GPG public key to email)
  • Interests
  • Why do you want to join the Security Team?

Reading

Training

On-the-job Training

  • Shadow mentor through a ticket and patch process.
  • Lead ticket and patch process with mentor shadowing.