Tasks which need to be done
We've started a partial and informal list of tasks which need to be done. This is by no means a definitive or complete list of tasks, and is under constant change.
There is a list of Fedora Legacy Project positions which are available also. Feel free to volunteer to help fill any of these positions. Note: most positions can be filled by multiple (cooperating) people.
In addition, Pekka Savola maintains a list of bugs and packages which need attention at:
and broken down by OS versions at:
How To Participate
You're interested in participating in a community-driven project? That's great – we need helping hands in a couple of areas. Please check the following list to get an impression of what you might be able to do to help.
Please make sure to properly judge how much spare time you have to spend on this project. It is important to us that we can rely on you once you take on a certain task. Don't overestimate yourself – even if you think that you can only do a little thing for us, it's better to focus on that one thing and do it well instead of burdening yourself with a load of tasks which you can't fulfill. In turn, if you have plenty of time, we won't object if you take on more than one task at a time.
The following list of ways to participate is designed similar to the way a job description might be summarized. Try to match yourself to a job to find out how you might be best suited to help the project.
You are familiar with common security and vulnerability tracking mailing lists, ideally you're already subscribed to and reading some of the more important lists. Following the Red Hat advisories for current releases of Red Hat Enterprise Linux and Fedora Core is a must. Don't worry, you don't have to do this alone; vulnerability tracking is spread over various people.
Your task is to inform the fedora-legacy-list about vulnerabilities that affect versions of Red Hat Linux and/or Fedora Core which are currently supported by the project. If possible, you should open a bug ticket on Bugzilla for that specific vulnerability and describe what you've found out about it. If you're familiar with creating patches, this task can be linked well with the next one, but it's no problem if you stop here. For more information, see http://www.fedoraproject.org/wiki/Legacy/VulnerabilityTracking.
Vulnerability analyst and patch creator
You are familiar with reviewing code and creating patches.
Your task is to find out what needs to be done to eliminate a vulnerability. Check out what the authors have done, and check what others already did on the issue. In some cases it is a simple one liner. In other cases you might need to find the revision fixed in CVS and run a diff with the revision in the current tarball. This posting can help you to find out what policy might be appropriate. In any case, we require you to communicate with other people on the list and/or on IRC to establish a consensus on what needs to be done.
Test RPM packager
You are familiar with creating or adapting spec files and building RPMs.
Your task is to monitor (and participate) in the discussions on the mailing list and/or on IRC about a vulnerability and build up a spec file for an update package that includes any patches or updated tarballs that are needed to eliminate the vulnerability. Build a source RPM, create its md5sum and "gpg --clearsign" it, then upload it to a public server. Update the Bugzilla entry with the URL of the source RPM and inform the mailing list about your work.
You are a person who has a machine on which they can download and test package updates.
Your task is to download test packages and check that they build, install, and function correctly on a given platform. You then report your findings in Bugzilla.
For information on the QA process, see http://www.fedoraproject.org/wiki/Legacy/QATesting.
Publisher (Release Manager)
You are a person who can monitor the QA status of packages, decide when a package has been deemed to have passed the QA stage, and can generate the appropriate advisory description for the update.
Your task is to close the bugzilla ticket, move the package from the testing tree to the updates tree, and then create and send an advisory notice to the fedora-legacy-announce mailing list.
Your task is answering people's questions, providing input or suggestions to the project and its users, helping to edit and update wiki pages, submitting updates for the web site, etc.
You are someone who has resources that would be useful to the project, such as providing hosting, mirroring, etc.
Your task is to contact us (see below) to see if we can utilize the resources, and arrange for us to get access to them.
You are someone who is fluent in a language other than English who can translate documentation or package patches for the project.
Your task is to translate documentation to another language and submit it for inclusion, and/or to help with translation issues that may occur when updating a multilingual package.
You are someone who has knowledge of html, php, cvs, and web design or development, who wants to help maintain the web site.
Your task is to help write new web pages, update current web pages, and help maintain the wiki.
Press Contact/Public Relations
You are someone with experience in Public Relations and/or dealing with the Press, writing press releases, or doing interviews.
Your task is to help create press releases, provide interviews, and generally act as a liason with external groups for purposes of public relations.
Documentation Writer/Technical Writer
You are someone with the ability to write technical documentation and/or instructional material and documentation.
Your task is to help create and modify documentation such as web pages, wiki pages, instructional manuals, etc.
You are someone with an understanding of how to setup and maintain mirror sites.
Your task is to help others setup and maintain mirror sites, register mirror sites with the project, and help document the mirroring process.
More information on participating can be in the documentation at http://fedoralegacy.org/docs/ under Getting involved....
More information on using apt and yum can also be found in the documentation at http://fedoralegacy.org/docs/ under Getting started....
If you need to contact us about participation, please send an e-mail to firstname.lastname@example.org or use our mailing list.
The Fedora Legacy security contact is email@example.com.