/[gentoo]/xml/htdocs/proj/en/glep/glep-0014.txt
Gentoo

Diff of /xml/htdocs/proj/en/glep/glep-0014.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.3 Revision 1.6
1GLEP: 14 1GLEP: 14
2Title: security updates based on GLSA 2Title: security updates based on GLSA
3Version: $Revision: 1.3 $ 3Version: $Revision: 1.6 $
4Last-Modified: $Date: 2003/08/24 22:11:46 $ 4Last-Modified: $Date: 2006/10/14 02:54:24 $
5Author: Marius Mauch <genone@genone.de>, 5Author: Marius Mauch <genone@genone.de>,
6Status: Draft 6Status: Accepted
7Type: Standards Track 7Type: Standards Track
8Content-Type: text/x-rst 8Content-Type: text/x-rst
9Created: 18 Aug 2003 9Created: 18 Aug 2003
10Post-History: 22-Aug-2003, 24-Aug-2003 10Post-History: 22-Aug-2003, 24-Aug-2003, 10-Nov-2003, 25-Oct-2004
11 11Requires: 21
12 12
13Abstract 13Abstract
14======== 14========
15 15
16There is currently no automatic way to check a Gentoo system for identified 16There is currently no automatic way to check a Gentoo system for identified
17security holes or auto-apply security fixes. This GLEP proposes a way to deal 17security holes or auto-apply security fixes. This GLEP proposes a way to deal
18with this issue 18with this issue
19
20Status Update
21=============
22
23Preliminary implementation ``glsa-check`` in gentoolkit, final implementation
24pending set support in portage (GLEP 21).
19 25
20 26
21Motivation 27Motivation
22========== 28==========
23 29
50----------- 56-----------
51 57
52The GLSA format needs to be specified, I suggest using XML for that to simplify 58The GLSA format needs to be specified, I suggest using XML for that to simplify
53parsing and later extensions. See `implementation`_ for a sample DTD. The format 59parsing and later extensions. See `implementation`_ for a sample DTD. The format
54has to be compatible with the update tool of course. If necessary a converter 60has to be compatible with the update tool of course. If necessary a converter
55tool or an editor could be written for people not comfortable with XML. 61tool or an editor could be written for people not comfortable with XML (update:
56Every GLSA has to be GPG signed by the responsible developer, who has to be 62a QT based editor for the GLSA format written by plasmaroo exists in the
57a member of the security herd. 63gentoo-projects repository). Every GLSA has to be GPG signed by the responsible
64developer, who has to be a member of the security herd.
58 65
59 66
60GLSA release process 67GLSA release process
61-------------------- 68--------------------
62 69
65be used to release a GLSA that will: 72be used to release a GLSA that will:
66 73
67- check the GLSA for correctness 74- check the GLSA for correctness
68- sign the GLSA with the developers GPG key 75- sign the GLSA with the developers GPG key
69- send a mail to gentoo-announce with the XML GLSA and a plaintext version attached 76- send a mail to gentoo-announce with the XML GLSA and a plaintext version attached
70- upload it to www.gentoo.org/glsa (or wherever they should be uploaded) 77- upload it to www.gentoo.org/security/en/glsa (via cvs commit)
71- put it on the rsync server 78- put it on the rsync server (via cvs commit)
72- notify the moderators on the forums to make an announcement 79- notify the moderators on the forums to make an announcement
73 80
74 81
75Portage changes 82Portage changes
76--------------- 83---------------
108 115
109Implementation 116Implementation
110============== 117==============
111 118
112A prototype implementation (including the update tool, a DTD and a sample 119A prototype implementation (including the update tool, a DTD and a sample
113XMLified GLSA) exists at http://gentoo.devel-net.org/glsa/ . This GLEP is based 120XMLified GLSA) exists at http://gentoo.devel-net.org/glsa/ and in the
121gentoo-projects/gentoo-security/GLSA repository. This GLEP is based
114on that implementation, though it can be changed or rewritten if necessary. 122on that implementation, though it can be changed or rewritten if necessary.
115According to portage developers there is also already some support for this in
116portage.
117 123
118 124
119Backwards compatibility 125Backwards compatibility
120======================= 126=======================
121 127

Legend:
Removed from v.1.3  
changed lines
  Added in v.1.6

  ViewVC Help
Powered by ViewVC 1.1.20