
Diff of /xml/htdocs/proj/en/glep/glep-0057.html


Revision 1.1 Revision 1.3
25<tbody valign="top"> 25<tbody valign="top">
26<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">57</td> 26<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">57</td>
27</tr> 27</tr>
28<tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Overview</td> 28<tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Overview</td>
29</tr> 29</tr>
30<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.13</td> 30<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.2</td>
31</tr> 31</tr>
32<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0057.txt?cvsroot=gentoo">2008/10/09 23:23:12</a></td> 32<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0057.txt?cvsroot=gentoo">2008/10/28 07:45:07</a></td>
33</tr> 33</tr>
34<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson &lt;robbat2&#32;&#97;t&#32;gentoo.org&gt;</td> 34<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson &lt;robbat2&#32;&#97;t&#32;gentoo.org&gt;</td>
35</tr> 35</tr>
36<tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td> 36<tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td>
37</tr> 37</tr>
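Review bot: The Version field at line 30 goes from 1.13 to 1.2 while Last-Modified at line 32 moves forward from 2008/10/09 to 2008/10/28, so the newer copy carries what reads as the lower version. If the value is expanded from the source file's revision keyword, say so in the commit message; otherwise correct it, because anyone comparing mirrored copies of this GLEP will take the older text as current.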
40<tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference external" href="glep-0002.html">text/x-rst</a></td> 40<tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference external" href="glep-0002.html">text/x-rst</a></td>
41</tr> 41</tr>
42<tr class="field"><th class="field-name">Created:</th><td class="field-body">November 2005</td> 42<tr class="field"><th class="field-name">Created:</th><td class="field-body">November 2005</td>
43</tr> 43</tr>
44<tr class="field"><th class="field-name">Updated:</th><td class="field-body">May 2006, October 2006, Novemeber 2007, June 2008, July 2008, October 2008</td> 44<tr class="field"><th class="field-name">Updated:</th><td class="field-body">May 2006, October 2006, Novemeber 2007, June 2008, July 2008, October 2008</td>
45</tr>
46<tr class="field"><th class="field-name">Post-History:</th><td class="field-body"></td>
45</tr> 47</tr>
46</tbody> 48</tbody>
47</table> 49</table>
48<hr /> 50<hr />
49<div class="contents topic" id="contents"> 51<div class="contents topic" id="contents">
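Review bot: Post-History is added at new line 46 with an empty field body. Either list the dates the draft was posted or leave the field out until there is one. The unchanged Updated row at line 44 still reads "Novemeber 2007", which is worth fixing in the source while the header is being touched.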
163Infrastructure.</li> 165Infrastructure.</li>
164<li>Tree and distfile distribution from Infrastructure to Users, via the 166<li>Tree and distfile distribution from Infrastructure to Users, via the
165mirrors (this includes both HTTP and rsync distribution).</li> 167mirrors (this includes both HTTP and rsync distribution).</li>
166</ul> 168</ul>
167</blockquote> 169</blockquote>
168<p>Both processes need their security improved. In [GLEPxx+2] we will discuss 170<p>Both processes need their security improved. In [#GLEPxx+2] we will discuss
169how to improve the security of the first process. The relatively 171how to improve the security of the first process. The relatively
170speaking simpler process of file distribution will be described in 172speaking simpler process of file distribution will be described in
171[GLEPxx+1]. Since it can be implemented without having to change the 173[#GLEP58]. Since it can be implemented without having to change the
172workflow and behaviour of developers we hope to get it done in a 174workflow and behaviour of developers we hope to get it done in a
173reasonably short timeframe.</p> 175reasonably short timeframe.</p>
174</div> 176</div>
175<div class="section" id="attacks-against-processes"> 177<div class="section" id="attacks-against-processes">
176<h2><a class="toc-backref" href="#id6">Attacks against Processes</a></h2> 178<h2><a class="toc-backref" href="#id6">Attacks against Processes</a></h2>
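Review bot: The rewritten references at new lines 170 and 173 come out in the generated HTML as the literal text [#GLEPxx+2] and [#GLEP58], not as links, so the reader still cannot follow them to the document that specifies the file-distribution protection. A reStructuredText footnote reference needs a trailing underscore, as in [#GLEP58]_, and a matching footnote target; check glep-0057.txt for both and regenerate.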
205<p>Protection for process #1 can never be complete (without major 207<p>Protection for process #1 can never be complete (without major
206modifications to our development process), as a malicious developer is 208modifications to our development process), as a malicious developer is
207fully authorized to provide materials for distribution. Partial 209fully authorized to provide materials for distribution. Partial
208protection can be gained by Portage and Infrastructure changes, but the 210protection can be gained by Portage and Infrastructure changes, but the
209real improvements needed are developer education and continued 211real improvements needed are developer education and continued
210vigilance. This is further discussed in [GLEPxx+2].</p> 212vigilance. This is further discussed in [#GLEPxx+2].</p>
211<p>This security is still limited in scope - protection against compromised 213<p>This security is still limited in scope - protection against compromised
212developers is very expensive, and even complex systems like peer review 214developers is very expensive, and even complex systems like peer review
213/ multiple signatures can be broken by colluding developers. There are many 215/ multiple signatures can be broken by colluding developers. There are many
214issues, be it social or technical, that increase the cost of such 216issues, be it social or technical, that increase the cost of such
215measures a lot while only providing marginal security gains. Any 217measures a lot while only providing marginal security gains. Any
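Review bot: [#GLEPxx+2] at new line 212 is still a placeholder. The file-distribution reference was resolved to GLEP58 in this revision, but the one covering the developer-to-Infrastructure process was not. Replace it with the assigned GLEP number, or say in the text that the document has not been written yet, so the claim that protection for process #1 is "further discussed" elsewhere can be checked.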
218<p>Protection for process #2 is a different matter entirely. While it also 220<p>Protection for process #2 is a different matter entirely. While it also
219cannot be complete (as the User may be attacked directly), we can ensure 221cannot be complete (as the User may be attacked directly), we can ensure
220that Gentoo infrastructure and the mirrors are not a weak point. This 222that Gentoo infrastructure and the mirrors are not a weak point. This
221objective is actually much closer than it seems already - most of the 223objective is actually much closer than it seems already - most of the
222work has been completed for other things!. This is further discussed in 224work has been completed for other things!. This is further discussed in
223[GLEP58]. As this process has the most to gain in security, and the 225[#GLEP58]. As this process has the most to gain in security, and the
224most immediate impact, it should be implemented before or at the same 226most immediate impact, it should be implemented before or at the same
225time as any changes to process #1. Security at this layer is already 227time as any changes to process #1. Security at this layer is already
226available in the signed daily snapshots, but we can extend it to cover 228available in the signed daily snapshots, but we can extend it to cover
227the rsync mirrors as well.</p> 229the rsync mirrors as well.</p>
228<p>Requirements pertaining to and management of keys (OpenPGP or otherwise) 230<p>Requirements pertaining to and management of keys (OpenPGP or otherwise)
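Review bot: The sentence ending at new line 224 still closes with "things!." although the next line of the same paragraph is edited here. Drop one of the two marks in the source while the paragraph is open.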
376 378
377</div> 379</div>
378<div class="footer"> 380<div class="footer">
379<hr class="footer" /> 381<hr class="footer" />
380<a class="reference external" href="glep-0057.txt">View document source</a>. 382<a class="reference external" href="glep-0057.txt">View document source</a>.
381Generated on: 2008-10-21 23:27 UTC. 383Generated on: 2008-10-28 07:47 UTC.
382Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. 384Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
383 385
384</div> 386</div>
385</body> 387</body>
386</html> 388</html>
