| 1 | GLEP: 14 |
1 | GLEP: 14 |
| 2 | Title: security updates based on GLSA |
2 | Title: security updates based on GLSA |
| 3 | Version: $Revision: 1.3 $ |
3 | Version: $Revision: 1.6 $ |
| 4 | Last-Modified: $Date: 2003/08/24 22:11:46 $ |
4 | Last-Modified: $Date: 2006/10/14 02:54:24 $ |
| 5 | Author: Marius Mauch <genone@genone.de>, |
5 | Author: Marius Mauch <genone@genone.de>, |
| 6 | Status: Draft |
6 | Status: Accepted |
| 7 | Type: Standards Track |
7 | Type: Standards Track |
| 8 | Content-Type: text/x-rst |
8 | Content-Type: text/x-rst |
| 9 | Created: 18 Aug 2003 |
9 | Created: 18 Aug 2003 |
| 10 | Post-History: 22-Aug-2003, 24-Aug-2003 |
10 | Post-History: 22-Aug-2003, 24-Aug-2003, 10-Nov-2003, 25-Oct-2004 |
| 11 | |
11 | Requires: 21 |
| 12 | |
12 | |
| 13 | Abstract |
13 | Abstract |
| 14 | ======== |
14 | ======== |
| 15 | |
15 | |
| 16 | There is currently no automatic way to check a Gentoo system for identified |
16 | There is currently no automatic way to check a Gentoo system for identified |
| 17 | security holes or auto-apply security fixes. This GLEP proposes a way to deal |
17 | security holes or auto-apply security fixes. This GLEP proposes a way to deal |
| 18 | with this issue |
18 | with this issue |
|
|
19 | |
|
|
20 | Status Update |
|
|
21 | ============= |
|
|
22 | |
|
|
23 | Preliminary implementation ``glsa-check`` in gentoolkit, final implementation |
|
|
24 | pending set support in portage (GLEP 21). |
| 19 | |
25 | |
| 20 | |
26 | |
| 21 | Motivation |
27 | Motivation |
| 22 | ========== |
28 | ========== |
| 23 | |
29 | |
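Review bot: the new `Requires: 21` header and the Status Update's "pending set support in portage (GLEP 21)" agree with each other, but neither gives GLEP 21's title or a hyperlink, so a reader cannot tell what "set support" refers to; with `Content-Type: text/x-rst` declared, a reST link target for GLEP 21 would fix that. The Status Update also only says that `glsa-check` in gentoolkit is the preliminary implementation; state whether it already checks the GPG signature that the format section requires, since that is the property a user relying on the tool needs to know.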
| … | |
… | |
| 50 | ----------- |
56 | ----------- |
| 51 | |
57 | |
| 52 | The GLSA format needs to be specified, I suggest using XML for that to simplify |
58 | The GLSA format needs to be specified, I suggest using XML for that to simplify |
| 53 | parsing and later extensions. See `implementation`_ for a sample DTD. The format |
59 | parsing and later extensions. See `implementation`_ for a sample DTD. The format |
| 54 | has to be compatible with the update tool of course. If necessary a converter |
60 | has to be compatible with the update tool of course. If necessary a converter |
| 55 | tool or an editor could be written for people not comfortable with XML. |
61 | tool or an editor could be written for people not comfortable with XML (update: |
| 56 | Every GLSA has to be GPG signed by the responsible developer, who has to be |
62 | a QT based editor for the GLSA format written by plasmaroo exists in the |
| 57 | a member of the security herd. |
63 | gentoo-projects repository). Every GLSA has to be GPG signed by the responsible |
|
|
64 | developer, who has to be a member of the security herd. |
| 58 | |
65 | |
| 59 | |
66 | |
| 60 | GLSA release process |
67 | GLSA release process |
| 61 | -------------------- |
68 | -------------------- |
| 62 | |
69 | |
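Review bot: the added parenthetical "(update: a QT based editor for the GLSA format written by plasmaroo exists in the gentoo-projects repository)" is spliced into the sentence about a converter tool, and the sentence on GPG signing now starts mid-line, so the paragraph reads as a run-on; make the update its own sentence, spell the toolkit "Qt", and give the editor's path inside gentoo-projects (the Implementation section names `gentoo-projects/gentoo-security/GLSA`, but the editor's location is left vague). Separately, the signing requirement still says who must sign but not how the update tool verifies the signature or which keys it trusts; one sentence pointing at the keyring or verification step would close that gap.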
| … | |
… | |
| 65 | be used to release a GLSA that will: |
72 | be used to release a GLSA that will: |
| 66 | |
73 | |
| 67 | - check the GLSA for correctness |
74 | - check the GLSA for correctness |
| 68 | - sign the GLSA with the developers GPG key |
75 | - sign the GLSA with the developers GPG key |
| 69 | - send a mail to gentoo-announce with the XML GLSA and a plaintext version attached |
76 | - send a mail to gentoo-announce with the XML GLSA and a plaintext version attached |
| 70 | - upload it to www.gentoo.org/glsa (or wherever they should be uploaded) |
77 | - upload it to www.gentoo.org/security/en/glsa (via cvs commit) |
| 71 | - put it on the rsync server |
78 | - put it on the rsync server (via cvs commit) |
| 72 | - notify the moderators on the forums to make an announcement |
79 | - notify the moderators on the forums to make an announcement |
| 73 | |
80 | |
| 74 | |
81 | |
| 75 | Portage changes |
82 | Portage changes |
| 76 | --------------- |
83 | --------------- |
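Review bot: the two new "(via cvs commit)" bullets leave open whether the web page and the rsync tree are fed from one commit or from two separate repositories, and whether it is the signed XML file itself that gets committed; since signing is the step just before, say explicitly that the committed file is the signed one so the GPG signature survives publication unchanged. Minor: "developers GPG key" should read "developer's GPG key".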
| … | |
… | |
| 108 | |
115 | |
| 109 | Implementation |
116 | Implementation |
| 110 | ============== |
117 | ============== |
| 111 | |
118 | |
| 112 | A prototype implementation (including the update tool, a DTD and a sample |
119 | A prototype implementation (including the update tool, a DTD and a sample |
| 113 | XMLified GLSA) exists at http://gentoo.devel-net.org/glsa/ . This GLEP is based |
120 | XMLified GLSA) exists at http://gentoo.devel-net.org/glsa/ and in the |
|
|
121 | gentoo-projects/gentoo-security/GLSA repository. This GLEP is based |
| 114 | on that implementation, though it can be changed or rewritten if necessary. |
122 | on that implementation, though it can be changed or rewritten if necessary. |
| 115 | According to portage developers there is also already some support for this in |
|
|
| 116 | portage. |
|
|
| 117 | |
123 | |
| 118 | |
124 | |
| 119 | Backwards compatibility |
125 | Backwards compatibility |
| 120 | ======================= |
126 | ======================= |
| 121 | |
127 | |
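Review bot: the Implementation paragraph now lists two locations for the prototype, the external http://gentoo.devel-net.org/glsa/ site and the gentoo-projects/gentoo-security/GLSA repository, without saying which is current; mark one as canonical or drop the stale one, otherwise a reader cannot tell which DTD a GLSA should validate against. Removing "According to portage developers there is also already some support for this in portage" is consistent with the new Status Update, which names glsa-check in gentoolkit as the preliminary implementation and defers the portage side to GLEP 21.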