Take a step forward from user to maintainer or developer in open source security related tools
1 like259 views
The document outlines the evolution from users to maintainers/developers in open source security tools, highlighting the roles and responsibilities at each stage. It discusses the principles of the Debian Free Software Guidelines and the importance of license compliance, sustainability, and quality assurance in maintaining security-related software. Additionally, it encourages involvement in the Debian security tools packaging team, providing links to resources for new maintainers.
![Debian Teams [8]Debian Teams [8]](https://image.slidesharecdn.com/takeastepforwardfromusertomaintainerordeveloperinopensourcesecurity-relatedtools-190825152120/85/Take-a-step-forward-from-user-to-maintainer-or-developer-in-open-source-security-related-tools-28-320.jpg)
![Debian Security Tools Packaging Team [6]Debian Security Tools Packaging Team [6]
Task description:
• Maintain correctly all security related tools.
• Merge back tools packaged by security-oriented Debian derivatives.
src: https://salsa.debian.org/groups/pkg-security-team/-/group_members](https://image.slidesharecdn.com/takeastepforwardfromusertomaintainerordeveloperinopensourcesecurity-relatedtools-190825152120/85/Take-a-step-forward-from-user-to-maintainer-or-developer-in-open-source-security-related-tools-29-320.jpg)
![ReferencesReferences
[1] https://resources.github.com/whitepapers/introduction-to-innersource/
[2]https://dirkriehle.com/wp-content/uploads/2018/05/Inner-Source-Ten-
Years.pdf
[3]https://www.oreilly.com/programming/free/files/getting-started-with-
innersource.pdf
[4]
http://events17.linuxfoundation.org/sites/events/files/slides/OpenSourceSum
mitJP_2017_V01.pdf
[5] https://www.debian.org
[6] https://wiki.debian.org/Derivatives
[7] https://wiki.debian.org/Teams/pkg-security
[8] https://wiki.debian.org/Teams](https://image.slidesharecdn.com/takeastepforwardfromusertomaintainerordeveloperinopensourcesecurity-relatedtools-190825152120/85/Take-a-step-forward-from-user-to-maintainer-or-developer-in-open-source-security-related-tools-42-320.jpg)
Take a step forward from user to maintainer or developer in open source security related tools
- 1. Take a step forward from user to maintainer/ developer in open source security-related tools Take a step forward from user to maintainer/ developer in open source security-related tools SZ Lin (林上智)
- 2. /WHOAMI/WHOAMI SZ LIN (林上智) Debian Developer Cybersecurity Fundamentals Specialist ISA/ IEC 62443 Blog - https://szlin.me
- 3. Open Source Security ToolsOpen Source Security Tools src: http://www.capstone-engine.org/src: https://nmap.org/ src: http://www.unhide-forensics.info/src: https://virustotal.github.io/yara/ src: http://www.aircrack-ng.org/ src: http://www.openvas.org src: http://www.chkrootkit.org/http://w3af.org/
- 4. It’s a trend to use open source software; however…
- 8. Evolution of Open Source ParticipantEvolution of Open Source Participant User Contributor Maintainer Developer Explicit Borderline Explicit BorderlineImplicit Borderline Knows and uses software Help with comments, feedback Provide small features, bug fixes Submit patches to maintainer Provide big features, bug fixes Submit patches with limited commit rights Formally: Has commit with unlimited rights Perform bulk of work; quality assurance
- 9. License Compliance Sustainability Quality Assurance Preparedness Planning Basic Concepts in Using OSSBasic Concepts in Using OSS
- 12. Debian Developer LocationsDebian Developer Locations
- 14. Debian DerivativesDebian Derivatives • Ubuntu • Popularizing Linux around the world • Grml • Live system for system administrators. • Purism PureOS • FSF-endorsed rolling release, focused on privacy, security and convenience. • Tails • Preserve privacy and anonymity • Parrot • Security, development and privacy in mind. • Kali Linux • Security auditing and penetration testing.
- 15. License Compliance Sustainability Quality Assurance Preparedness Planning Basic Concepts in Using OSSBasic Concepts in Using OSS
- 16. The Debian Free Software GuidelinesThe Debian Free Software Guidelines 1 Free Redistribution 可自由修改並再散佈 2 Source Code 需具備原始碼, 並能夠被編譯 3 Derived Works 允許被修改並產生衍生產品 4 Integrity of The Author's Source Code 原創作者原始碼的完整性 5 No Discrimination Against Persons or Groups 不得對任何人或團體有差別待遇 6 7 Distribution of License 散布授權條款 8 License Must Not Be Specific to a Debian 授權條款不得專屬於 Debian 9 License Must Not Restrict Other Software 授權條款不得限制其他軟體 10 Example Licenses 許可證示例 No Discrimination Against Fields of Endeavor 在任何領域內的利用不得有差別待遇
- 17. “Commons Clause” License Condition v1.0 The Software is provided to you by the Licensor under the License, as defined below, subject to the following condition. Without limiting other conditions in the License, the grant of rights under the License will not include, and the License does not grant to you, right to Sell the Software. For purposes of the foregoing, “Sell” means practicing any or all of the rights granted to you under the License to provide to third parties, for a fee or other consideration (including without limitation fees for hosting or consulting/ support services related to the Software), a product or service whose value derives, entirely or substantially, from the functionality of the Software. Any license notice or attribution required by the ense must also include this Commons Cause License Condition notice. src: https://commonsclause.com/
- 19. src: https://redislabs.com/blog/redis-labs-modules-license-changes/ src: https://redislabs.com/community/licenses/ *Note: This is not an open-source license.
- 20. License Compliance Sustainability Quality Assurance Preparedness Planning Basic Concepts in Using OSSBasic Concepts in Using OSS
- 21. Debian Long Term SupportDebian Long Term Support
- 22. Debian Package Auto-BuildingDebian Package Auto-Building
- 23. Debian CI SystemDebian CI System
- 24. Debian Reproducible BuildsDebian Reproducible Builds src: https://tests.reproducible-builds.org/debian/reproducible.html
- 25. Debian Packages TrackerDebian Packages Tracker
- 26. Confidential Good system security Everything is open Usually, fixed packages are uploaded within a few days Stability unstable → testing → stable Scalability Server, Desktop, Laptop, Embedded devices Long term support 5 more years by Debian-LTS project (i386, amd64, armel and armhf) Multiple architectures alpha, amd64, armel, armhf, aarch64, hppa, i386, ia64, mips, mipsel, powerpc, s390, and spar Why Debian ?Why Debian ? Incredible amounts of software Debian comes with over 59000 different pieces of software with free 26
- 27. License Compliance Sustainability Quality Assurance Preparedness Planning Basic Concepts in Using OSSBasic Concepts in Using OSS
- 28. Debian Teams [8]Debian Teams [8]
- 29. Debian Security Tools Packaging Team [6]Debian Security Tools Packaging Team [6] Task description: • Maintain correctly all security related tools. • Merge back tools packaged by security-oriented Debian derivatives. src: https://salsa.debian.org/groups/pkg-security-team/-/group_members
- 30. Team-Maintained PackagesTeam-Maintained Packages src: https://qa.debian.org/developer.php?email=team%2Bpkg-security%40tracker.debian.org
- 31. Version Control SystemVersion Control System src: https://salsa.debian.org/pkg-security-team
- 32. Team IRC ChannelTeam IRC Channel Public IRC channel: #debian-pkg-security on irc.debian.org (OFTC)
- 33. Team Mailing ListTeam Mailing List src: https://lists.debian.org/debian-security-tools/
- 34. Let’s Get InvolvedLet’s Get Involved src: https://wiki.debian.org/Teams/pkg-security
- 35. Case Study
- 40. ResourcesResources • Debian 新維護人員手冊 • https://www.debian.org/doc/manuals/maint-guide/ • Debian 套件打包教學指南 • https://www.debian.org/doc/manuals/packaging-tutorial/packaging- tutorial.zh_TW.pdf
- 42. ReferencesReferences [1] https://resources.github.com/whitepapers/introduction-to-innersource/ [2]https://dirkriehle.com/wp-content/uploads/2018/05/Inner-Source-Ten- Years.pdf [3]https://www.oreilly.com/programming/free/files/getting-started-with- innersource.pdf [4] http://events17.linuxfoundation.org/sites/events/files/slides/OpenSourceSum mitJP_2017_V01.pdf [5] https://www.debian.org [6] https://wiki.debian.org/Derivatives [7] https://wiki.debian.org/Teams/pkg-security [8] https://wiki.debian.org/Teams
- 43. Debian Security Tools Packaging Team Package Tracker Debian Security Tools Packaging Team Package Tracker