/[gentoo]/xml/htdocs/proj/en/glep/glep-0014.html
Gentoo

Diff of /xml/htdocs/proj/en/glep/glep-0014.html

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.2 Revision 1.3
31<tbody valign="top"> 31<tbody valign="top">
32<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">14</td> 32<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">14</td>
33</tr> 33</tr>
34<tr class="field"><th class="field-name">Title:</th><td class="field-body">security updates based on GLSA</td> 34<tr class="field"><th class="field-name">Title:</th><td class="field-body">security updates based on GLSA</td>
35</tr> 35</tr>
36<tr class="field"><th class="field-name">Version:</th><td class="field-body">$Revision: 1.2 $</td> 36<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.4</td>
37</tr> 37</tr>
38<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0014.txt?cvsroot=gentoo">$Date: 2003/08/24 22:11:46 $</a></td> 38<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0014.txt?cvsroot=gentoo">2003/11/10 19:21:57</a></td>
39</tr> 39</tr>
40<tr class="field"><th class="field-name">Author:</th><td class="field-body">Marius Mauch &lt;genone&#32;&#97;t&#32;genone.de&gt;,</td> 40<tr class="field"><th class="field-name">Author:</th><td class="field-body">Marius Mauch &lt;genone&#32;&#97;t&#32;genone.de&gt;,</td>
41</tr> 41</tr>
42<tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td> 42<tr class="field"><th class="field-name">Status:</th><td class="field-body">Accepted</td>
43</tr> 43</tr>
44<tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td> 44<tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td>
45</tr> 45</tr>
46<tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference" href="glep-0002.html">text/x-rst</a></td> 46<tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference" href="glep-0002.html">text/x-rst</a></td>
47</tr> 47</tr>
48<tr class="field"><th class="field-name">Created:</th><td class="field-body">18 Aug 2003</td> 48<tr class="field"><th class="field-name">Created:</th><td class="field-body">18 Aug 2003</td>
49</tr> 49</tr>
50<tr class="field"><th class="field-name">Post-History:</th><td class="field-body">22-Aug-2003, 24-Aug-2003</td> 50<tr class="field"><th class="field-name">Post-History:</th><td class="field-body">22-Aug-2003, 24-Aug-2003, 10-Nov-2003</td>
51</tr> 51</tr>
52</tbody> 52</tbody>
53</table> 53</table>
54<hr /> 54<hr />
55<div class="contents topic" id="contents"> 55<div class="contents topic" id="contents">
102<div class="section" id="glsa-format"> 102<div class="section" id="glsa-format">
103<h2><a class="toc-backref" href="#id6" name="glsa-format">GLSA format</a></h2> 103<h2><a class="toc-backref" href="#id6" name="glsa-format">GLSA format</a></h2>
104<p>The GLSA format needs to be specified, I suggest using XML for that to simplify 104<p>The GLSA format needs to be specified, I suggest using XML for that to simplify
105parsing and later extensions. See <a class="reference" href="#implementation">implementation</a> for a sample DTD. The format 105parsing and later extensions. See <a class="reference" href="#implementation">implementation</a> for a sample DTD. The format
106has to be compatible with the update tool of course. If necessary a converter 106has to be compatible with the update tool of course. If necessary a converter
107tool or an editor could be written for people not comfortable with XML. 107tool or an editor could be written for people not comfortable with XML (update:
108Every GLSA has to be GPG signed by the responsible developer, who has to be 108a QT based editor for the GLSA format written by plasmaroo exists in the
109a member of the security herd.</p> 109gentoo-projects repository). Every GLSA has to be GPG signed by the responsible
110developer, who has to be a member of the security herd.</p>
110</div> 111</div>
111<div class="section" id="glsa-release-process"> 112<div class="section" id="glsa-release-process">
112<h2><a class="toc-backref" href="#id7" name="glsa-release-process">GLSA release process</a></h2> 113<h2><a class="toc-backref" href="#id7" name="glsa-release-process">GLSA release process</a></h2>
113<p>Additional to sending the GLSA to the gentoo-announce mailing list it has to be 114<p>Additional to sending the GLSA to the gentoo-announce mailing list it has to be
114stored on a HTTP/FTP server and in the portage tree. I'd suggest a script should 115stored on a HTTP/FTP server and in the portage tree. I'd suggest a script should
115be used to release a GLSA that will:</p> 116be used to release a GLSA that will:</p>
116<ul class="simple"> 117<ul class="simple">
117<li>check the GLSA for correctness</li> 118<li>check the GLSA for correctness</li>
118<li>sign the GLSA with the developers GPG key</li> 119<li>sign the GLSA with the developers GPG key</li>
119<li>send a mail to gentoo-announce with the XML GLSA and a plaintext version attached</li> 120<li>send a mail to gentoo-announce with the XML GLSA and a plaintext version attached</li>
120<li>upload it to www.gentoo.org/glsa (or wherever they should be uploaded)</li> 121<li>upload it to www.gentoo.org/security/en/glsa (via cvs commit)</li>
121<li>put it on the rsync server</li> 122<li>put it on the rsync server (via cvs commit)</li>
122<li>notify the moderators on the forums to make an announcement</li> 123<li>notify the moderators on the forums to make an announcement</li>
123</ul> 124</ul>
124</div> 125</div>
125<div class="section" id="portage-changes"> 126<div class="section" id="portage-changes">
126<h2><a class="toc-backref" href="#id8" name="portage-changes">Portage changes</a></h2> 127<h2><a class="toc-backref" href="#id8" name="portage-changes">Portage changes</a></h2>
152to prevent exploits by fake GLSAs.</p> 153to prevent exploits by fake GLSAs.</p>
153</div> 154</div>
154<div class="section" id="implementation"> 155<div class="section" id="implementation">
155<h1><a class="toc-backref" href="#id10" name="implementation">Implementation</a></h1> 156<h1><a class="toc-backref" href="#id10" name="implementation">Implementation</a></h1>
156<p>A prototype implementation (including the update tool, a DTD and a sample 157<p>A prototype implementation (including the update tool, a DTD and a sample
157XMLified GLSA) exists at <a class="reference" href="http://gentoo.devel-net.org/glsa/">http://gentoo.devel-net.org/glsa/</a> . This GLEP is based 158XMLified GLSA) exists at <a class="reference" href="http://gentoo.devel-net.org/glsa/">http://gentoo.devel-net.org/glsa/</a> and in the
159gentoo-projects/gentoo-security/GLSA repository. This GLEP is based
158on that implementation, though it can be changed or rewritten if necessary. 160on that implementation, though it can be changed or rewritten if necessary.</p>
159According to portage developers there is also already some support for this in
160portage.</p>
161</div> 161</div>
162<div class="section" id="backwards-compatibility"> 162<div class="section" id="backwards-compatibility">
163<h1><a class="toc-backref" href="#id11" name="backwards-compatibility">Backwards compatibility</a></h1> 163<h1><a class="toc-backref" href="#id11" name="backwards-compatibility">Backwards compatibility</a></h1>
164<p>The current <a class="reference" href="#glsa-release-process">GLSA release process</a> needs to be replaced with this proposal. It 164<p>The current <a class="reference" href="#glsa-release-process">GLSA release process</a> needs to be replaced with this proposal. It
165would be nice if old GLSAs would be transformed into XML as well, but that is 165would be nice if old GLSAs would be transformed into XML as well, but that is
172</div> 172</div>
173 173
174<hr class="footer"/> 174<hr class="footer"/>
175<div class="footer"> 175<div class="footer">
176<a class="reference" href="glep-0014.txt">View document source</a>. 176<a class="reference" href="glep-0014.txt">View document source</a>.
177Generated on: 2003-08-24 22:06 UTC. 177Generated on: 2003-11-10 19:22 UTC.
178Generated by <a class="reference" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. 178Generated by <a class="reference" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
179</div> 179</div>
180</body> 180</body>
181</html> 181</html>
182 182

Legend:
Removed from v.1.2  
changed lines
  Added in v.1.3

  ViewVC Help
Powered by ViewVC 1.1.20