#41 Outreachy : fedora security dashboard
Opened a year ago by huzaifas. Modified 7 months ago

This is a proposed project for Outreachy. Note that once this ticket is
approved you will have to register as a mentor on the Outreachy page
and enter this information again. Many of these questions are based on
the application on the Outreachy website.

  • One-line name
    Fedora Security dashboard
    -- Short title for this internship project proposal.
    Create a web-dashboard which shows the status of open security flaws against various fedora versions and their components.
  • Longer description of project
    The Red Hat Product Security team creates Fedora Security tracking bugs which are resolved by package maintainers. The bugs may stay open for long time though. The idea of the dashboard is to make the current status of fedora security public via graphs so that we know which components are affected by how many flaws of what impact.
    Also Pkgs may be removed from fedora when they dont fix bugs. The dashbaord should show that as well.
    Lastly a plugin like interface is preferred where new features can be added with minimal coding.
  • License of the project
    GNU General Public License v3.0
  • Longevity (How long has the team accepted contributions)
    This is a new project.
  • Community size
    Fedora users/contributors
  • How will this project benefit Fedora
    This is going to help reboot the Fedora Security team, make the distribution more secure!
  • Sample plan of work for the 12 week internship. What are milestones the
    intern should be hitting?
    Study briefly how open source security works and how Red Hat/Fedora fits in.
    Study bugzilla XMLRPC/(or whatever interface is available) and how it can be used.
    Work on the the design of the dashboard.
    Implement a basic design and get feedback.
    Expand the design using the plugin structure.
  • Benefits to intern (What will the intern get out of this internship)
    Learn Open Source Security
    Learn how Linux distributions deal with Security
    Web application development right from design to implementation phase.
  • Project website
    Currently none
  • Project repo
    Currently none.
  • Where can an applicant find application tasks?
    Currently none, but i can create a pagure or a github repo soon.
  • IRC
    freenode #fedora-security
  • Skills required including what level and if they are optional
    Python
    Probably a framework like Django
  • Outreachy applicants are required to make a contribution as part of the
    application. What is the process for making a contribution?
    Make a minimal dashboard which shows a pie chart of currently open security flaws, with colors to indicate impact. I can share more details later.
    Questions from the top level Outreachy Program for the mentor application:
  • How long have you been contributing to the community:
    Around 9 years
  • What is your current role
    Pkg maintainer, trying to reboot fedora security team.
  • Have you mentored for a three-month internship program before
    No
  • Have you read the mentor page and understand the process of being a mentor
    Yes
  • Are you available for 5 hours a week during the internship period
    Yes
  • Are you available for 5-10 hours a week during the application period
    Yes
  • Are you aware you need to sign a mentor contract
    Yes

Seems like i have missed the current round of projects, so i am ok with submitting this for the next round, which i think is May?

Thanks for submitting this. We've closed projects for this round but we can keep this around and follow up for the next round which runs May-Aug

Metadata Update from @labbott:
- Issue tagged with: Outreachy

a year ago

Looking at this again, this sounds like it could be a good fit if we give it a bit more structure. From experience, participants work better on a project like this if there's some code and structure already built in. Do you have a skeleton project or something else an applicant could use to get started? Outreachy also requires applicants to make a contribution, what do you have in mind for applicant tasks?

hi. I like the idea proposed by @huzaifas . Is there a possibility of 2 mentors being alotted for a single project. I would love to mentor for this as well.

hi. I like the idea proposed by @huzaifas . Is there a possibility of 2 mentors being alotted for a single project. I would love to mentor for this as well.

sure, you are most welcome to contribute. I intend to create a github project over the weekend and try to start some work, so that our mentees may have a starting point.

Hi! I'm interested in working on this, and I have a couple of ideas for how we can design the dashboard.
I don't see it listed on the Outreachy page though. Has it been confirmed yet?

Hi! I'm interested in working on this, and I have a couple of ideas for how we can design the dashboard.
I don't see it listed on the Outreachy page though. Has it been confirmed yet?

Hi Vaishnavi,

Thank you for your interest, i think this needs to be accepted by fedora first before it is listed on the outreachy page. Also i intend to do a mock up or a some code commit over the weekend (most likely) so that it can get you started.

I created a pagure project at: https://pagure.io/fedora-security-dashboard and a graph which needs to be generated using bz at:
https://pagure.io/fedora-security-dashboard/blob/master/f/mockup-images/fedora-crit-imp.png

@labbott I hear that as a part of outreachy project, students needs to do an initial commit before the actual project starts. I want to use this image as the initial project, with the aim to generate this via the public bugzilla data and some sort of python/ruby/etc script to generate the graph.

Can you list at least 5 issues in the issue tracker that an applicant could work on? We're already a week into the application period so we really need to make sure we have everything in line.

Can you list at least 5 issues in the issue tracker that an applicant could work on? We're already a week into the application period so we really need to make sure we have everything in line.

@labbott done, pls let me know if i need to do anything else.

Those look like tasks for the internship period but I'm not sure those are the right task for an applicant. If I were an applicant applying for Outreachy for the first time, I would not know how to get started on any of them because there are multiple steps involved.

I still really like this idea for an Outreachy project but I'm concerned it's still under specified given there's not much in the way of sample code and the intern would be writing anything from scratch. It might be best to put this off for another round until we've got the requirements completely nailed down.

@huzaifas,

Count me in as a mentor ( and former member of the security team ) , once this gets the blessings needed.

Hi,

We're mid way through the current Outreachy season which means it's time to think about the next round! If you'd like to participate, can you work on having a clear timeline of 12 weeks for the intern?

Login to comment on this ticket.

Metadata