Diff of /xml/htdocs/proj/en/glep/glep-0057.html


Revision 1.5 Revision 1.7
25<tbody valign="top"> 25<tbody valign="top">
26<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">57</td> 26<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">57</td>
27</tr> 27</tr>
28<tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Overview</td> 28<tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Overview</td>
29</tr> 29</tr>
30<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.3</td> 30<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.6</td>
31</tr> 31</tr>
32<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0057.txt?cvsroot=gentoo">2010/01/13 03:26:53</a></td> 32<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0057.txt?cvsroot=gentoo">2010/04/07 21:34:24</a></td>
33</tr> 33</tr>
34<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson &lt;robbat2&#32;&#97;t&#32;gentoo.org&gt;</td> 34<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson &lt;robbat2&#32;&#97;t&#32;gentoo.org&gt;</td>
35</tr> 35</tr>
36<tr class="field"><th class="field-name">Status:</th><td class="field-body">Final</td> 36<tr class="field"><th class="field-name">Status:</th><td class="field-body">Final</td>
37</tr> 37</tr>
167Infrastructure.</li> 167Infrastructure.</li>
168<li>Tree and distfile distribution from Infrastructure to Users, via the 168<li>Tree and distfile distribution from Infrastructure to Users, via the
169mirrors (this includes both HTTP and rsync distribution).</li> 169mirrors (this includes both HTTP and rsync distribution).</li>
170</ul> 170</ul>
171</blockquote> 171</blockquote>
172<p>Both processes need their security improved. In [#GLEPxx+2] we will discuss 172<p>Both processes need their security improved. In [GLEPxx2] we will discuss
173how to improve the security of the first process. The relatively 173how to improve the security of the first process. The relatively
174speaking simpler process of file distribution will be described in 174speaking simpler process of file distribution will be described in
175[#GLEP58]. Since it can be implemented without having to change the 175[GLEP58]. Since it can be implemented without having to change the
176workflow and behaviour of developers we hope to get it done in a 176workflow and behaviour of developers we hope to get it done in a
177reasonably short timeframe.</p> 177reasonably short timeframe.</p>
178</div> 178</div>
179<div class="section" id="attacks-against-processes"> 179<div class="section" id="attacks-against-processes">
180<h2><a class="toc-backref" href="#id6">Attacks against Processes</a></h2> 180<h2><a class="toc-backref" href="#id6">Attacks against Processes</a></h2>
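Review bot: At new lines 172 and 175 the citation labels [GLEPxx2] and [GLEP58] are emitted as plain text, not as links to the citation targets this revision adds under References (id="glepxx2", id="glep58"). In reStructuredText a citation reference needs a trailing underscore, e.g. [GLEP58]_, for Docutils to generate the anchor; without it a reader cannot jump from this paragraph to the referenced GLEP's entry and URL.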
209<p>Protection for process #1 can never be complete (without major 209<p>Protection for process #1 can never be complete (without major
210modifications to our development process), as a malicious developer is 210modifications to our development process), as a malicious developer is
211fully authorized to provide materials for distribution. Partial 211fully authorized to provide materials for distribution. Partial
212protection can be gained by Portage and Infrastructure changes, but the 212protection can be gained by Portage and Infrastructure changes, but the
213real improvements needed are developer education and continued 213real improvements needed are developer education and continued
214vigilance. This is further discussed in [#GLEPxx+2].</p> 214vigilance. This is further discussed in [GLEPxx2].</p>
215<p>This security is still limited in scope - protection against compromised 215<p>This security is still limited in scope - protection against compromised
216developers is very expensive, and even complex systems like peer review 216developers is very expensive, and even complex systems like peer review
217/ multiple signatures can be broken by colluding developers. There are many 217/ multiple signatures can be broken by colluding developers. There are many
218issues, be it social or technical, that increase the cost of such 218issues, be it social or technical, that increase the cost of such
219measures a lot while only providing marginal security gains. Any 219measures a lot while only providing marginal security gains. Any
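Review bot: New line 214 says the developer-process protections are "further discussed in [GLEPxx2]", but the References entry added in this same revision describes [GLEPxx2] only as "Future GLEP on Developer Process security." For a document whose Status is Final, put this in the future tense (as line 172 does with "we will discuss") or cite the GLEP number once it is assigned, so readers do not go looking for a text that does not exist yet.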
222<p>Protection for process #2 is a different matter entirely. While it also 222<p>Protection for process #2 is a different matter entirely. While it also
223cannot be complete (as the User may be attacked directly), we can ensure 223cannot be complete (as the User may be attacked directly), we can ensure
224that Gentoo infrastructure and the mirrors are not a weak point. This 224that Gentoo infrastructure and the mirrors are not a weak point. This
225objective is actually much closer than it seems already - most of the 225objective is actually much closer than it seems already - most of the
226work has been completed for other things!. This is further discussed in 226work has been completed for other things!. This is further discussed in
227[#GLEP58]. As this process has the most to gain in security, and the 227[GLEP58]. As this process has the most to gain in security, and the
228most immediate impact, it should be implemented before or at the same 228most immediate impact, it should be implemented before or at the same
229time as any changes to process #1. Security at this layer is already 229time as any changes to process #1. Security at this layer is already
230available in the signed daily snapshots, but we can extend it to cover 230available in the signed daily snapshots, but we can extend it to cover
231the rsync mirrors as well.</p> 231the rsync mirrors as well.</p>
232<p>Requirements pertaining to and management of keys (OpenPGP or otherwise) 232<p>Requirements pertaining to and management of keys (OpenPGP or otherwise)
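Review bot: Line 226 still ends "completed for other things!." with doubled terminal punctuation; since the following line is being edited for the [GLEP58] label anyway, drop the stray period (or the exclamation mark) in the same change.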
359vulnerability that has been mentioned in past discussions, and 359vulnerability that has been mentioned in past discussions, and
360integrating them in this overview).</p> 360integrating them in this overview).</p>
361</div> 361</div>
362<div class="section" id="references"> 362<div class="section" id="references">
363<h1><a class="toc-backref" href="#id11">References</a></h1> 363<h1><a class="toc-backref" href="#id11">References</a></h1>
364<dl class="docutils"> 364<table class="docutils citation" frame="void" id="c08a" rules="none">
365<colgroup><col class="label" /><col /></colgroup>
366<tbody valign="top">
365<dt>[C08a] Cappos, J et al. (2008). &quot;Package Management Security&quot;.</dt> 367<tr><td class="label">[C08a]</td><td>Cappos, J et al. (2008). &quot;Package Management Security&quot;.
366<dd>University of Arizona Technical Report TR08-02. Available online 368University of Arizona Technical Report TR08-02. Available online
367from: <a class="reference external" href="ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf">ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf</a></dd> 369from: <a class="reference external" href="ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf">ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf</a></td></tr>
370</tbody>
371</table>
372<table class="docutils citation" frame="void" id="c08b" rules="none">
373<colgroup><col class="label" /><col /></colgroup>
374<tbody valign="top">
368<dt>[C08b] Cappos, J et al. (2008). &quot;Attacks on Package Managers&quot;</dt> 375<tr><td class="label">[C08b]</td><td>Cappos, J et al. (2008). &quot;Attacks on Package Managers&quot;
369<dd>Available online at: 376Available online at:
370<a class="reference external" href="http://www.cs.arizona.edu/people/justin/packagemanagersecurity/">http://www.cs.arizona.edu/people/justin/packagemanagersecurity/</a></dd> 377<a class="reference external" href="http://www.cs.arizona.edu/people/justin/packagemanagersecurity/">http://www.cs.arizona.edu/people/justin/packagemanagersecurity/</a></td></tr>
371</dl> 378</tbody>
379</table>
380<table class="docutils citation" frame="void" id="glep58" rules="none">
381<colgroup><col class="label" /><col /></colgroup>
382<tbody valign="top">
383<tr><td class="label">[GLEP58]</td><td>Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
384<a class="reference external" href="http://www.gentoo.org/proj/en/glep/glep-0058.html">http://www.gentoo.org/proj/en/glep/glep-0058.html</a></td></tr>
385</tbody>
386</table>
387<table class="docutils citation" frame="void" id="glepxx2" rules="none">
388<colgroup><col class="label" /><col /></colgroup>
389<tbody valign="top">
390<tr><td class="label">[GLEPxx2]</td><td>Future GLEP on Developer Process security.</td></tr>
391</tbody>
392</table>
393<table class="docutils citation" frame="void" id="glepxx3" rules="none">
394<colgroup><col class="label" /><col /></colgroup>
395<tbody valign="top">
396<tr><td class="label">[GLEPxx3]</td><td>Future GLEP on GnuPG Policies and Handling.</td></tr>
397</tbody>
398</table>
372</div> 399</div>
373<div class="section" id="copyright"> 400<div class="section" id="copyright">
374<h1><a class="toc-backref" href="#id12">Copyright</a></h1> 401<h1><a class="toc-backref" href="#id12">Copyright</a></h1>
375<p>Copyright (c) 2005-2010 by Robin Hugh Johnson. This material may be 402<p>Copyright (c) 2005-2010 by Robin Hugh Johnson. This material may be
376distributed only subject to the terms and conditions set forth in the 403distributed only subject to the terms and conditions set forth in the
377Open Publication License, v1.0.</p> 404Open Publication License, v1.0.</p>
378<p>vim: tw=72 ts=2 expandtab:</p> 405<!-- vim: tw=72 ts=2 expandtab: -->
379</div> 406</div>
380 407
381</div> 408</div>
382<div class="footer"> 409<div class="footer">
383<hr class="footer" /> 410<hr class="footer" />
384<a class="reference external" href="glep-0057.txt">View document source</a>. 411<a class="reference external" href="glep-0057.txt">View document source</a>.
385Generated on: 2010-01-29 09:03 UTC. 412Generated on: 2010-04-07 21:54 UTC.
386Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. 413Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
387 414
388</div> 415</div>
389</body> 416</body>
390</html> 417</html>
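Review bot: In the References section (new lines 380-397) the added [GLEP58] entry runs the title straight into the URL with no closing period or "Available online at:" lead-in, unlike the [C08a] and [C08b] entries above it, and [GLEPxx2] / [GLEPxx3] are placeholders with no number or URL. Suggest ending the GLEP58 title with a period before the link and replacing the "xx" labels with the real GLEP numbers when they are assigned. The [C08a] report is also still linked over ftp://; if the report is available over HTTPS, prefer that link so the reference in a distribution-security GLEP is not fetched over an unauthenticated channel.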
