| … | |
… | |
| 31 | <tbody valign="top"> |
31 | <tbody valign="top"> |
| 32 | <tr class="field"><th class="field-name">GLEP:</th><td class="field-body">14</td> |
32 | <tr class="field"><th class="field-name">GLEP:</th><td class="field-body">14</td> |
| 33 | </tr> |
33 | </tr> |
| 34 | <tr class="field"><th class="field-name">Title:</th><td class="field-body">security updates based on GLSA</td> |
34 | <tr class="field"><th class="field-name">Title:</th><td class="field-body">security updates based on GLSA</td> |
| 35 | </tr> |
35 | </tr> |
| 36 | <tr class="field"><th class="field-name">Version:</th><td class="field-body">$Revision: 1.2 $</td> |
36 | <tr class="field"><th class="field-name">Version:</th><td class="field-body">1.4</td> |
| 37 | </tr> |
37 | </tr> |
| 38 | <tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0014.txt?cvsroot=gentoo">$Date: 2003/08/24 22:11:46 $</a></td> |
38 | <tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0014.txt?cvsroot=gentoo">2003/11/10 19:21:57</a></td> |
| 39 | </tr> |
39 | </tr> |
| 40 | <tr class="field"><th class="field-name">Author:</th><td class="field-body">Marius Mauch <genone at genone.de>,</td> |
40 | <tr class="field"><th class="field-name">Author:</th><td class="field-body">Marius Mauch <genone at genone.de>,</td> |
| 41 | </tr> |
41 | </tr> |
| 42 | <tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td> |
42 | <tr class="field"><th class="field-name">Status:</th><td class="field-body">Accepted</td> |
| 43 | </tr> |
43 | </tr> |
| 44 | <tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td> |
44 | <tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td> |
| 45 | </tr> |
45 | </tr> |
| 46 | <tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference" href="glep-0002.html">text/x-rst</a></td> |
46 | <tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference" href="glep-0002.html">text/x-rst</a></td> |
| 47 | </tr> |
47 | </tr> |
| 48 | <tr class="field"><th class="field-name">Created:</th><td class="field-body">18 Aug 2003</td> |
48 | <tr class="field"><th class="field-name">Created:</th><td class="field-body">18 Aug 2003</td> |
| 49 | </tr> |
49 | </tr> |
| 50 | <tr class="field"><th class="field-name">Post-History:</th><td class="field-body">22-Aug-2003, 24-Aug-2003</td> |
50 | <tr class="field"><th class="field-name">Post-History:</th><td class="field-body">22-Aug-2003, 24-Aug-2003, 10-Nov-2003</td> |
| 51 | </tr> |
51 | </tr> |
| 52 | </tbody> |
52 | </tbody> |
| 53 | </table> |
53 | </table> |
| 54 | <hr /> |
54 | <hr /> |
| 55 | <div class="contents topic" id="contents"> |
55 | <div class="contents topic" id="contents"> |
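Review bot: The Version and Last-Modified fields at new lines 36 and 38 now hold bare values (1.4 and 2003/11/10 19:21:57) where the old side rendered the CVS keywords $Revision$ and $Date$. Since this file is generated from glep-0014.txt, confirm the source still carries the keywords and that these values were not typed in by hand, otherwise they will go stale on the next commit. The Status change from Draft to Accepted and the added 10-Nov-2003 Post-History entry are consistent with each other.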
| … | |
… | |
| 102 | <div class="section" id="glsa-format"> |
102 | <div class="section" id="glsa-format"> |
| 103 | <h2><a class="toc-backref" href="#id6" name="glsa-format">GLSA format</a></h2> |
103 | <h2><a class="toc-backref" href="#id6" name="glsa-format">GLSA format</a></h2> |
| 104 | <p>The GLSA format needs to be specified, I suggest using XML for that to simplify |
104 | <p>The GLSA format needs to be specified, I suggest using XML for that to simplify |
| 105 | parsing and later extensions. See <a class="reference" href="#implementation">implementation</a> for a sample DTD. The format |
105 | parsing and later extensions. See <a class="reference" href="#implementation">implementation</a> for a sample DTD. The format |
| 106 | has to be compatible with the update tool of course. If necessary a converter |
106 | has to be compatible with the update tool of course. If necessary a converter |
| 107 | tool or an editor could be written for people not comfortable with XML. |
107 | tool or an editor could be written for people not comfortable with XML (update: |
| 108 | Every GLSA has to be GPG signed by the responsible developer, who has to be |
108 | a QT based editor for the GLSA format written by plasmaroo exists in the |
| 109 | a member of the security herd.</p> |
109 | gentoo-projects repository). Every GLSA has to be GPG signed by the responsible |
|
|
110 | developer, who has to be a member of the security herd.</p> |
| 110 | </div> |
111 | </div> |
| 111 | <div class="section" id="glsa-release-process"> |
112 | <div class="section" id="glsa-release-process"> |
| 112 | <h2><a class="toc-backref" href="#id7" name="glsa-release-process">GLSA release process</a></h2> |
113 | <h2><a class="toc-backref" href="#id7" name="glsa-release-process">GLSA release process</a></h2> |
| 113 | <p>Additional to sending the GLSA to the gentoo-announce mailing list it has to be |
114 | <p>Additional to sending the GLSA to the gentoo-announce mailing list it has to be |
| 114 | stored on a HTTP/FTP server and in the portage tree. I'd suggest a script should |
115 | stored on a HTTP/FTP server and in the portage tree. I'd suggest a script should |
| 115 | be used to release a GLSA that will:</p> |
116 | be used to release a GLSA that will:</p> |
| 116 | <ul class="simple"> |
117 | <ul class="simple"> |
| 117 | <li>check the GLSA for correctness</li> |
118 | <li>check the GLSA for correctness</li> |
| 118 | <li>sign the GLSA with the developers GPG key</li> |
119 | <li>sign the GLSA with the developers GPG key</li> |
| 119 | <li>send a mail to gentoo-announce with the XML GLSA and a plaintext version attached</li> |
120 | <li>send a mail to gentoo-announce with the XML GLSA and a plaintext version attached</li> |
| 120 | <li>upload it to www.gentoo.org/glsa (or wherever they should be uploaded)</li> |
121 | <li>upload it to www.gentoo.org/security/en/glsa (via cvs commit)</li> |
| 121 | <li>put it on the rsync server</li> |
122 | <li>put it on the rsync server (via cvs commit)</li> |
| 122 | <li>notify the moderators on the forums to make an announcement</li> |
123 | <li>notify the moderators on the forums to make an announcement</li> |
| 123 | </ul> |
124 | </ul> |
| 124 | </div> |
125 | </div> |
| 125 | <div class="section" id="portage-changes"> |
126 | <div class="section" id="portage-changes"> |
| 126 | <h2><a class="toc-backref" href="#id8" name="portage-changes">Portage changes</a></h2> |
127 | <h2><a class="toc-backref" href="#id8" name="portage-changes">Portage changes</a></h2> |
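Review bot: The release steps changed at new lines 121 and 122 say the GLSA reaches the website and the rsync server "(via cvs commit)", but neither says that the signature produced in the earlier "sign the GLSA with the developers GPG key" step is committed along with it. Because the format section requires every GLSA to be GPG signed by a member of the security herd, state whether the committed file is the signed XML itself or is accompanied by a detached signature, so the copy that arrives over rsync can still be verified. Separately, the "(update: ...)" parenthetical at new lines 107 to 109 now sits in the middle of the paragraph and pushes the signing requirement to the end of a long sentence; giving the editor note its own sentence would keep the signing rule prominent, and "QT" should read "Qt".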
| … | |
… | |
| 152 | to prevent exploits by fake GLSAs.</p> |
153 | to prevent exploits by fake GLSAs.</p> |
| 153 | </div> |
154 | </div> |
| 154 | <div class="section" id="implementation"> |
155 | <div class="section" id="implementation"> |
| 155 | <h1><a class="toc-backref" href="#id10" name="implementation">Implementation</a></h1> |
156 | <h1><a class="toc-backref" href="#id10" name="implementation">Implementation</a></h1> |
| 156 | <p>A prototype implementation (including the update tool, a DTD and a sample |
157 | <p>A prototype implementation (including the update tool, a DTD and a sample |
| 157 | XMLified GLSA) exists at <a class="reference" href="http://gentoo.devel-net.org/glsa/">http://gentoo.devel-net.org/glsa/</a> . This GLEP is based |
158 | XMLified GLSA) exists at <a class="reference" href="http://gentoo.devel-net.org/glsa/">http://gentoo.devel-net.org/glsa/</a> and in the |
|
|
159 | gentoo-projects/gentoo-security/GLSA repository. This GLEP is based |
| 158 | on that implementation, though it can be changed or rewritten if necessary. |
160 | on that implementation, though it can be changed or rewritten if necessary.</p> |
| 159 | According to portage developers there is also already some support for this in |
|
|
| 160 | portage.</p> |
|
|
| 161 | </div> |
161 | </div> |
| 162 | <div class="section" id="backwards-compatibility"> |
162 | <div class="section" id="backwards-compatibility"> |
| 163 | <h1><a class="toc-backref" href="#id11" name="backwards-compatibility">Backwards compatibility</a></h1> |
163 | <h1><a class="toc-backref" href="#id11" name="backwards-compatibility">Backwards compatibility</a></h1> |
| 164 | <p>The current <a class="reference" href="#glsa-release-process">GLSA release process</a> needs to be replaced with this proposal. It |
164 | <p>The current <a class="reference" href="#glsa-release-process">GLSA release process</a> needs to be replaced with this proposal. It |
| 165 | would be nice if old GLSAs would be transformed into XML as well, but that is |
165 | would be nice if old GLSAs would be transformed into XML as well, but that is |
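Review bot: The sentence "According to portage developers there is also already some support for this in portage." (old lines 159 and 160) is dropped with no replacement, so the Implementation section no longer says anything about the state of portage support. If that claim was wrong or has been superseded, say so explicitly rather than removing it silently. With the gentoo-projects/gentoo-security/GLSA repository added at new line 159, consider naming it first, ahead of the http://gentoo.devel-net.org/glsa/ link, as the reference location for the update tool and DTD.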
| … | |
… | |
| 172 | </div> |
172 | </div> |
| 173 | |
173 | |
| 174 | <hr class="footer"/> |
174 | <hr class="footer"/> |
| 175 | <div class="footer"> |
175 | <div class="footer"> |
| 176 | <a class="reference" href="glep-0014.txt">View document source</a>. |
176 | <a class="reference" href="glep-0014.txt">View document source</a>. |
| 177 | Generated on: 2003-08-24 22:06 UTC. |
177 | Generated on: 2003-11-10 19:22 UTC. |
| 178 | Generated by <a class="reference" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. |
178 | Generated by <a class="reference" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. |
| 179 | </div> |
179 | </div> |
| 180 | </body> |
180 | </body> |
| 181 | </html> |
181 | </html> |
| 182 | |
182 | |