--- xml/htdocs/proj/en/glep/glep-0057.txt 2008/10/28 07:45:07 1.2 +++ xml/htdocs/proj/en/glep/glep-0057.txt 2010/01/13 03:26:53 1.3 @@ -1,14 +1,14 @@ GLEP: 57 Title: Security of distribution of Gentoo software - Overview -Version: $Revision: 1.2 $ -Last-Modified: $Date: 2008/10/28 07:45:07 $ +Version: $Revision: 1.3 $ +Last-Modified: $Date: 2010/01/13 03:26:53 $ Author: Robin Hugh Johnson Status: Draft Type: Informational Content-Type: text/x-rst Created: November 2005 -Updated: May 2006, October 2006, Novemeber 2007, June 2008, July 2008, October 2008 -Post-History: +Updated: May 2006, October 2006, November 2007, June 2008, July 2008, October 2008, January 2010 +Post-History: December 2009 Abstract ======== @@ -54,8 +54,8 @@ - Vulnerability of existing infrastructure to attacks. The previous two items make it possible for a skilled attacker to design an attack and then execute it against specific portions of - existing infrastructure (eg: Compromise a country-local rsync mirror, - and totally replace a package and it's Manifest). + existing infrastructure (e.g.: Compromise a country-local rsync + mirror, and totally replace a package and it's Manifest). Specification ============= @@ -94,7 +94,7 @@ direct attacks against Upstream and Users are outside of the scope of this series of GLEPs as they are not in any way controlled or controllable by Gentoo - however attacks using Gentoo as a conduit -(including malicous mirrors) must be considered. +(including malicious mirrors) must be considered. Processes --------- @@ -305,7 +305,7 @@ 2008-04-03, gentoo-dev mailing list, "Re: Monthly Gentoo Council Reminder for April" - Ciaran McCreesh (ciaranm). A thread in which Ciaran reminds everybody that simply making all the developers sign the -tree is not sufficent to prevent all attacks. +tree is not sufficient to prevent all attacks. [ http://thread.gmane.org/gmane.linux.gentoo.devel/55508/focus=55542 ] 2008-07-01, gentoo-portage-dev mailing list, "proto-GLEPS for 
@@ -339,7 +339,7 @@ Copyright ========= -Copyright (c) 2006 by Robin Hugh Johnson. This material may be +Copyright (c) 2005-2010 by Robin Hugh Johnson. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0.
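Review bot: In the @@ -54,8 +54,8 @@ hunk, the rewrapped example still reads "totally replace a package and it's Manifest"; the possessive should be "its Manifest". The line is already being touched to change "eg:" to "e.g.:", so fix it in the same revision. The colon after "e.g." could also be dropped, leaving "(e.g. compromise a country-local rsync mirror, ...)", since the abbreviation already introduces the example.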
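Review bot: In the @@ -339,7 +339,7 @@ hunk, the copyright line not only extends to 2010 but also moves its start year back from 2006 to 2005. That agrees with the "Created: November 2005" header in the first hunk, but it is a substantive change sitting among spelling fixes, so it should be called out explicitly in the revision's log message rather than passing as part of the typo cleanup.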