/[gentoo]/xml/htdocs/proj/en/glep/glep-0058.html
Gentoo

Diff of /xml/htdocs/proj/en/glep/glep-0058.html

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.3 Revision 1.4
25<tbody valign="top"> 25<tbody valign="top">
26<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">58</td> 26<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">58</td>
27</tr> 27</tr>
28<tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest</td> 28<tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest</td>
29</tr> 29</tr>
30<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.6</td> 30<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.7</td>
31</tr> 31</tr>
32<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0058.txt?cvsroot=gentoo">2010/01/13 03:26:53</a></td> 32<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0058.txt?cvsroot=gentoo">2010/01/31 07:53:30</a></td>
33</tr> 33</tr>
34<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson &lt;robbat2&#32;&#97;t&#32;gentoo.org&gt;,</td> 34<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson &lt;robbat2&#32;&#97;t&#32;gentoo.org&gt;,</td>
35</tr> 35</tr>
36<tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td> 36<tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td>
37</tr> 37</tr>
43</tr> 43</tr>
44<tr class="field"><th class="field-name">Created:</th><td class="field-body">October 2006</td> 44<tr class="field"><th class="field-name">Created:</th><td class="field-body">October 2006</td>
45</tr> 45</tr>
46<tr class="field"><th class="field-name">Updated:</th><td class="field-body">November 2007, June 2008, July 2008, October 2008, January 2010</td> 46<tr class="field"><th class="field-name">Updated:</th><td class="field-body">November 2007, June 2008, July 2008, October 2008, January 2010</td>
47</tr> 47</tr>
48<tr class="field"><th class="field-name">Post-History:</th><td class="field-body">December 2009</td> 48<tr class="field"><th class="field-name">Post-History:</th><td class="field-body">December 2009, January 2010</td>
49</tr> 49</tr>
50</tbody> 50</tbody>
51</table> 51</table>
52<hr /> 52<hr />
53<div class="contents topic" id="contents"> 53<div class="contents topic" id="contents">
54<p class="topic-title first">Contents</p> 54<p class="topic-title first">Contents</p>
55<ul class="simple"> 55<ul class="simple">
56<li><a class="reference internal" href="#abstract" id="id1">Abstract</a></li> 56<li><a class="reference internal" href="#abstract" id="id2">Abstract</a></li>
57<li><a class="reference internal" href="#motivation" id="id2">Motivation</a></li> 57<li><a class="reference internal" href="#motivation" id="id3">Motivation</a></li>
58<li><a class="reference internal" href="#specification" id="id3">Specification</a><ul> 58<li><a class="reference internal" href="#specification" id="id4">Specification</a><ul>
59<li><a class="reference internal" href="#procedure-for-creating-the-metamanifest-file" id="id4">Procedure for creating the MetaManifest file:</a></li> 59<li><a class="reference internal" href="#procedure-for-creating-the-metamanifest-file" id="id5">Procedure for creating the MetaManifest file:</a><ul>
60<li><a class="reference internal" href="#summary" id="id6">Summary:</a></li>
61<li><a class="reference internal" href="#process" id="id7">Process:</a></li>
62<li><a class="reference internal" href="#notes" id="id8">Notes:</a></li>
63</ul>
64</li>
60<li><a class="reference internal" href="#verification-of-one-or-more-items-from-the-metamanifest" id="id5">Verification of one or more items from the MetaManifest:</a></li> 65<li><a class="reference internal" href="#verification-of-one-or-more-items-from-the-metamanifest" id="id9">Verification of one or more items from the MetaManifest:</a></li>
61<li><a class="reference internal" href="#procedure-for-verifying-an-item-in-the-metamanifest" id="id6">Procedure for verifying an item in the MetaManifest:</a><ul> 66<li><a class="reference internal" href="#procedure-for-verifying-an-item-in-the-metamanifest" id="id10">Procedure for verifying an item in the MetaManifest:</a><ul>
62<li><a class="reference internal" href="#notes" id="id7">Notes:</a></li> 67<li><a class="reference internal" href="#id1" id="id11">Notes:</a></li>
63</ul>
64</li> 68</ul>
65</ul> 69</li>
66</li> 70</ul>
71</li>
67<li><a class="reference internal" href="#implementation-notes" id="id8">Implementation Notes</a><ul> 72<li><a class="reference internal" href="#implementation-notes" id="id12">Implementation Notes</a><ul>
68<li><a class="reference internal" href="#metamanifest-and-the-new-manifest2-filetypes" id="id9">MetaManifest and the new Manifest2 filetypes</a></li> 73<li><a class="reference internal" href="#metamanifest-and-the-new-manifest2-filetypes" id="id13">MetaManifest and the new Manifest2 filetypes</a></li>
69<li><a class="reference internal" href="#timestamps-additional-distribution-of-metamanifest" id="id10">Timestamps &amp; Additional distribution of MetaManifest</a></li> 74<li><a class="reference internal" href="#timestamps-additional-distribution-of-metamanifest" id="id14">Timestamps &amp; Additional distribution of MetaManifest</a></li>
70<li><a class="reference internal" href="#metamanifest-size-considerations" id="id11">MetaManifest size considerations</a></li> 75<li><a class="reference internal" href="#metamanifest-size-considerations" id="id15">MetaManifest size considerations</a></li>
71</ul>
72</li> 76</ul>
77</li>
73<li><a class="reference internal" href="#backwards-compatibility" id="id12">Backwards Compatibility</a></li> 78<li><a class="reference internal" href="#backwards-compatibility" id="id16">Backwards Compatibility</a></li>
74<li><a class="reference internal" href="#thanks" id="id13">Thanks</a></li> 79<li><a class="reference internal" href="#thanks" id="id17">Thanks</a></li>
75<li><a class="reference internal" href="#references" id="id14">References</a></li> 80<li><a class="reference internal" href="#references" id="id18">References</a></li>
76<li><a class="reference internal" href="#copyright" id="id15">Copyright</a></li> 81<li><a class="reference internal" href="#copyright" id="id19">Copyright</a></li>
77</ul> 82</ul>
78</div> 83</div>
79<div class="section" id="abstract"> 84<div class="section" id="abstract">
80<h1><a class="toc-backref" href="#id1">Abstract</a></h1> 85<h1><a class="toc-backref" href="#id2">Abstract</a></h1>
81<p>MetaManifest provides a means of verifiable distribution from Gentoo 86<p>MetaManifest provides a means of verifiable distribution from Gentoo
82Infrastructure to a user system, while data is conveyed over completely 87Infrastructure to a user system, while data is conveyed over completely
83untrusted networks and system, by extending the Manifest2 specification, 88untrusted networks and system, by extending the Manifest2 specification,
84and adding a top-level Manifest file, with support for other nested 89and adding a top-level Manifest file, with support for other nested
85Manifests.</p> 90Manifests.</p>
86</div> 91</div>
87<div class="section" id="motivation"> 92<div class="section" id="motivation">
88<h1><a class="toc-backref" href="#id2">Motivation</a></h1> 93<h1><a class="toc-backref" href="#id3">Motivation</a></h1>
89<p>As part of a comprehensive security plan, we need a way to prove that 94<p>As part of a comprehensive security plan, we need a way to prove that
90something originating from Gentoo as an organization (read Gentoo-owned 95something originating from Gentoo as an organization (read Gentoo-owned
91hardware, run by infrastructure), has not been tampered with. This 96hardware, run by infrastructure), has not been tampered with. This
92allows the usage of third-party rsync mirrors, without worrying that 97allows the usage of third-party rsync mirrors, without worrying that
93they have modified something critical (e.g. eclasses, which are still 98they have modified something critical (e.g. eclasses, which are still
112trusted source allows validation of trees that come from community 117trusted source allows validation of trees that come from community
113mirrors, and allows detection of all cases of malicious mirrors (either 118mirrors, and allows detection of all cases of malicious mirrors (either
114by deliberate delay, replay [C08a, C08b] or alteration).</p> 119by deliberate delay, replay [C08a, C08b] or alteration).</p>
115</div> 120</div>
116<div class="section" id="specification"> 121<div class="section" id="specification">
117<h1><a class="toc-backref" href="#id3">Specification</a></h1> 122<h1><a class="toc-backref" href="#id4">Specification</a></h1>
118<p>For lack of a better name, the following solution should be known as the 123<p>For lack of a better name, the following solution should be known as the
119MetaManifest. Those responsible for the name have already been sacked.</p> 124MetaManifest. Those responsible for the name have already been sacked.</p>
120<p>MetaManifest basically contains hashes of every file in the tree, either 125<p>MetaManifest basically contains hashes of every file in the tree, either
121directly or indirectly. The direct case applies to ANY file that does 126directly or indirectly. The direct case applies to ANY file that does
122not appear in an existing Manifest file (e.g. eclasses, Manifest files 127not appear in an existing Manifest file (e.g. eclasses, Manifest files
125tracking the hash of the Manifest, we can be assured that the contents 130tracking the hash of the Manifest, we can be assured that the contents
126are protected.</p> 131are protected.</p>
127<p>In the following, the MetaManifest file is a file named 'Manifest', 132<p>In the following, the MetaManifest file is a file named 'Manifest',
128located at the root of a repository.</p> 133located at the root of a repository.</p>
129<div class="section" id="procedure-for-creating-the-metamanifest-file"> 134<div class="section" id="procedure-for-creating-the-metamanifest-file">
130<h2><a class="toc-backref" href="#id4">Procedure for creating the MetaManifest file:</a></h2> 135<h2><a class="toc-backref" href="#id5">Procedure for creating the MetaManifest file:</a></h2>
136<div class="section" id="summary">
137<h3><a class="toc-backref" href="#id6">Summary:</a></h3>
138<p>The objective of creating the MetaManifest file(s) is to ensure that
139every single file in the tree occurs in at least one Manifest.</p>
140</div>
141<div class="section" id="process">
142<h3><a class="toc-backref" href="#id7">Process:</a></h3>
131<ol class="arabic simple"> 143<ol class="arabic simple">
132<li>Start at the root of the Gentoo Portage tree (gentoo-x86, although 144<li>Start at the root of the Gentoo Portage tree (gentoo-x86, although
133this procedure applies to overlays as well).</li> 145this procedure applies to overlays as well).</li>
134<li>Initialize two unordered sets: COVERED, ALL.<ol class="arabic"> 146<li>Initialize two unordered sets: COVERED, ALL.<ol class="arabic">
135<li>'ALL' will contain every file in the tree.</li> 147<li>'ALL' shall contain every file that exists in the present tree.</li>
136<li>'COVERED' will contain every file that is mentioned in an existing 148<li>'COVERED' shall contain EVERY file that is mentioned in an existing
137Manifest2.</li> 149Manifest2. If a file is mentioned in a Manifest2, but does not
150exist, it must still be included. No files should be excluded.</li>
138</ol> 151</ol>
139</li> 152</li>
140<li>Traverse the tree, depth-first.<ol class="arabic"> 153<li>Traverse the tree, depth-first.<ol class="arabic">
141<li>At the top level only, ignore the following directories: distfiles, 154<li>At the top level only, ignore the following directories: distfiles,
142packages, local</li> 155packages, local.</li>
143<li>If a directory contains a Manifest file, extract all relevant local 156<li>If a directory contains a Manifest file, extract all relevant local
144files from it (presently: AUX, MISC, EBUILD; but should follow the 157files from it (presently: AUX, MISC, EBUILD; but should follow the
145evolution of Manifest2 entry types per [#GLEP60]), and place them 158evolution of Manifest2 entry types per [#GLEP60]), and place them
146into the COVERED set.</li> 159into the COVERED set.</li>
147<li>Recursively add every file in the directory to the ALL set, 160<li>Recursively add every file in the directory to the ALL set,
169should not be on the same keyring as developer keys. See [#GLEPxx+3 182should not be on the same keyring as developer keys. See [#GLEPxx+3
170for further notes].</li> 183for further notes].</li>
171</ol> 184</ol>
172</li> 185</li>
173</ol> 186</ol>
187</div>
188<div class="section" id="notes">
189<h3><a class="toc-backref" href="#id8">Notes:</a></h3>
174<p>The above does not conflict the proposal contained in GLEP33, which 190<p>The above does not conflict the proposal contained in GLEP33, which
175restructure eclasses to include subdirectories and Manifest files, as 191restructure eclasses to include subdirectories and Manifest files, as
176the Manifest rules above still provide indirect verification for all 192the Manifest rules above still provide indirect verification for all
177files after the GLEP33 restructuring if it comes to pass.</p> 193files after the GLEP33 restructuring if it comes to pass.</p>
178<p>If other Manifests are added (such as per-category, per first-level 194<p>Additional levels of Manifests are required, such as per-category, and
179directory, or protecting versioned eclasses), the size of the 195in the eclasses, profiles and metadata directories. This ensures that a
180MetaManifest will be greatly reduced, and this specification was written 196change to a singular file causes the smallest possible overall change in
181with such a possible future addition in mind.</p> 197the Manifests as propagated. Creation of the additional levels of
198Manifests uses the same process as described above, simply starting at a
199different root point.</p>
182<p>MetaManifest generation will take place as part of the existing process 200<p>MetaManifest generation will take place as part of the existing process
183by infrastructure that takes the contents of CVS and prepares it for 201by infrastructure that takes the contents of CVS and prepares it for
184distribution via rsync, which includes generating metadata. In-tree 202distribution via rsync, which includes generating metadata. In-tree
185Manifest files are not checked at this point, as they are assumed to be 203Manifest files are not validated at this point, as they are assumed to
186correct.</p> 204be correct.</p>
205</div>
187</div> 206</div>
188<div class="section" id="verification-of-one-or-more-items-from-the-metamanifest"> 207<div class="section" id="verification-of-one-or-more-items-from-the-metamanifest">
189<h2><a class="toc-backref" href="#id5">Verification of one or more items from the MetaManifest:</a></h2> 208<h2><a class="toc-backref" href="#id9">Verification of one or more items from the MetaManifest:</a></h2>
190<p>There are two times that this may happen: firstly, immediately after the 209<p>There are two times that this may happen: firstly, immediately after the
191rsync has completed - this has the advantage that the kernel file cache 210rsync has completed - this has the advantage that the kernel file cache
192is hot, and checking the entire tree can be accomplished quickly. 211is hot, and checking the entire tree can be accomplished quickly.
193Secondly, the MetaManifest should be checked during installation of a 212Secondly, the MetaManifest should be checked during installation of a
194package.</p> 213package.</p>
195</div> 214</div>
196<div class="section" id="procedure-for-verifying-an-item-in-the-metamanifest"> 215<div class="section" id="procedure-for-verifying-an-item-in-the-metamanifest">
197<h2><a class="toc-backref" href="#id6">Procedure for verifying an item in the MetaManifest:</a></h2> 216<h2><a class="toc-backref" href="#id10">Procedure for verifying an item in the MetaManifest:</a></h2>
198<p>In the following, I've used term 'M2-verify' to note following the hash 217<p>In the following, I've used term 'M2-verify' to note following the hash
199verification procedures as defined by the Manifest2 format - which 218verification procedures as defined by the Manifest2 format - which
200compromise checking the file length, and that the hashes match. Which 219compromise checking the file length, and that the hashes match. Which
201filetypes may be ignored on missing is discussed in [#GLEP60].</p> 220filetypes may be ignored on missing is discussed in [#GLEP60].</p>
202<ol class="arabic simple"> 221<ol class="arabic simple">
229<li>Perform M2-verification of all eclasses and profiles used (both 248<li>Perform M2-verification of all eclasses and profiles used (both
230directly and indirectly) by the ebuild.</li> 249directly and indirectly) by the ebuild.</li>
231</ol> 250</ol>
232</li> 251</li>
233</ol> 252</ol>
234<div class="section" id="notes"> 253<div class="section" id="id1">
235<h3><a class="toc-backref" href="#id7">Notes:</a></h3> 254<h3><a class="toc-backref" href="#id11">Notes:</a></h3>
236<ol class="arabic simple"> 255<ol class="arabic simple">
237<li>For initial implementations, it is acceptable to check EVERY item in 256<li>For initial implementations, it is acceptable to check EVERY item in
238the eclass and profiles directory, rather than tracking the exact 257the eclass and profiles directory, rather than tracking the exact
239files used by every eclass (see note #2). Later implementations 258files used by every eclass (see note #2). Later implementations
240should strive to only verify individual eclasses and profiles as 259should strive to only verify individual eclasses and profiles as
247</ol> 266</ol>
248</div> 267</div>
249</div> 268</div>
250</div> 269</div>
251<div class="section" id="implementation-notes"> 270<div class="section" id="implementation-notes">
252<h1><a class="toc-backref" href="#id8">Implementation Notes</a></h1> 271<h1><a class="toc-backref" href="#id12">Implementation Notes</a></h1>
253<p>For this portion of the tree-signing work, no actions are required of 272<p>For this portion of the tree-signing work, no actions are required of
254the individual Gentoo developers. They will continue to develop and 273the individual Gentoo developers. They will continue to develop and
255commit as they do presently, and the MetaManifest is added by 274commit as they do presently, and the MetaManifest is added by
256Infrastructure during the tree generation process, and distributed to 275Infrastructure during the tree generation process, and distributed to
257users.</p> 276users.</p>
277<p>Any scripts generating Manifests and the MetaManifest may find it useful
278to generate multiple levels of Manifests in parallel, and this is
279explicitly permitted, provided that every file in the tree is covered by
280at least one Manifest or the MetaManifest file. The uppermost
281Manifest (MetaManifest) is the only item that does not occur in any
282other Manifest file, but is instead GPG-signed to enable it's
283validation.</p>
258<div class="section" id="metamanifest-and-the-new-manifest2-filetypes"> 284<div class="section" id="metamanifest-and-the-new-manifest2-filetypes">
259<h2><a class="toc-backref" href="#id9">MetaManifest and the new Manifest2 filetypes</a></h2> 285<h2><a class="toc-backref" href="#id13">MetaManifest and the new Manifest2 filetypes</a></h2>
260<p>While [#GLEP60] describes the addition of new filetypes, these are NOT 286<p>While [#GLEP60] describes the addition of new filetypes, these are NOT
261needed for implementation of the MetaManifest proposal. Without the new 287needed for implementation of the MetaManifest proposal. Without the new
262filetypes, all entries in the MetaManifest would be of type 'MISC'.</p> 288filetypes, all entries in the MetaManifest would be of type 'MISC'.</p>
263</div> 289</div>
264<div class="section" id="timestamps-additional-distribution-of-metamanifest"> 290<div class="section" id="timestamps-additional-distribution-of-metamanifest">
265<h2><a class="toc-backref" href="#id10">Timestamps &amp; Additional distribution of MetaManifest</a></h2> 291<h2><a class="toc-backref" href="#id14">Timestamps &amp; Additional distribution of MetaManifest</a></h2>
266<p>As discussed by [C08a,C08b], malicious third-party mirrors may use the 292<p>As discussed by [C08a,C08b], malicious third-party mirrors may use the
267principles of exclusion and replay to deny an update to clients, while 293principles of exclusion and replay to deny an update to clients, while
268at the same time recording the identity of clients to attack.</p> 294at the same time recording the identity of clients to attack.</p>
269<p>This should be guarded against by including a timestamp in the header of 295<p>This should be guarded against by including a timestamp in the header of
270the MetaManifest, as well as distributing the latest MetaManifests by a 296the MetaManifest, as well as distributing the latest MetaManifests by a
282decide is the tree is too out of date per operation #2 of the 308decide is the tree is too out of date per operation #2 of the
283verification process. The decision about freshness should be a 309verification process. The decision about freshness should be a
284user-configuration setting, with the ability to override.</p> 310user-configuration setting, with the ability to override.</p>
285</div> 311</div>
286<div class="section" id="metamanifest-size-considerations"> 312<div class="section" id="metamanifest-size-considerations">
287<h2><a class="toc-backref" href="#id11">MetaManifest size considerations</a></h2> 313<h2><a class="toc-backref" href="#id15">MetaManifest size considerations</a></h2>
288<p>With only two levels of Manifests (per-package and top-level), every 314<p>With only two levels of Manifests (per-package and top-level), every
289rsync will cause a lot of traffic transferring the modified top-level 315rsync will cause a lot of traffic transferring the modified top-level
290MetaManifest. To reduce this, first-level directory Manifests are 316MetaManifest. To reduce this, first-level directory Manifests are
291strongly recommended. Alternatively, if the distribution method 317required. Alternatively, if the distribution method efficiently handles
292efficiently handles small patch-like changes in an existing file, 318small patch-like changes in an existing file, using an uncompressed
293using an uncompressed MetaManifest may be acceptable (this would 319MetaManifest may be acceptable (this would primarily be distributed
294primarily be distributed version control systems). Other suggestions 320version control systems). Other suggestions in reducing this traffic are
295in reducing this traffic are welcomed.</p> 321welcomed.</p>
296</div> 322</div>
297</div> 323</div>
298<div class="section" id="backwards-compatibility"> 324<div class="section" id="backwards-compatibility">
299<h1><a class="toc-backref" href="#id12">Backwards Compatibility</a></h1> 325<h1><a class="toc-backref" href="#id16">Backwards Compatibility</a></h1>
300<ul class="simple"> 326<ul class="simple">
301<li>There are no backwards compatibility issues, as old versions of 327<li>There are no backwards compatibility issues, as old versions of
302Portage do not look for a Manifest file at the top level of the tree.</li> 328Portage do not look for a Manifest file at the top level of the tree.</li>
303<li>Manifest2-aware versions of Portage ignore all entries that they are 329<li>Manifest2-aware versions of Portage ignore all entries that they are
304not certain how to handle. Enabling headers and PGP signing to be 330not certain how to handle. Enabling headers and PGP signing to be
305conducted easily.</li> 331conducted easily.</li>
306</ul> 332</ul>
307</div> 333</div>
308<div class="section" id="thanks"> 334<div class="section" id="thanks">
309<h1><a class="toc-backref" href="#id13">Thanks</a></h1> 335<h1><a class="toc-backref" href="#id17">Thanks</a></h1>
310<p>I'd like to thank the following people for input on this GLEP.</p> 336<p>I'd like to thank the following people for input on this GLEP.</p>
311<ul class="simple"> 337<ul class="simple">
312<li>Patrick Lauer (patrick): Prodding me to get all of the tree-signing 338<li>Patrick Lauer (patrick): Prodding me to get all of the tree-signing
313work finished, and helping to edit.</li> 339work finished, and helping to edit.</li>
314<li>Ciaran McCreesh (ciaranm): Paludis Manifest2</li> 340<li>Ciaran McCreesh (ciaranm): Paludis Manifest2</li>
316<li>Marius Mauch (genone) &amp; Zac Medico (zmedico): Portage Manifest2</li> 342<li>Marius Mauch (genone) &amp; Zac Medico (zmedico): Portage Manifest2</li>
317<li>Ned Ludd (solar) - Security concept review</li> 343<li>Ned Ludd (solar) - Security concept review</li>
318</ul> 344</ul>
319</div> 345</div>
320<div class="section" id="references"> 346<div class="section" id="references">
321<h1><a class="toc-backref" href="#id14">References</a></h1> 347<h1><a class="toc-backref" href="#id18">References</a></h1>
322<dl class="docutils"> 348<dl class="docutils">
323<dt>[C08a] Cappos, J et al. (2008). &quot;Package Management Security&quot;.</dt> 349<dt>[C08a] Cappos, J et al. (2008). &quot;Package Management Security&quot;.</dt>
324<dd>University of Arizona Technical Report TR08-02. Available online 350<dd>University of Arizona Technical Report TR08-02. Available online
325from: <a class="reference external" href="ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf">ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf</a></dd> 351from: <a class="reference external" href="ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf">ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf</a></dd>
326<dt>[C08b] Cappos, J et al. (2008). &quot;Attacks on Package Managers&quot;</dt> 352<dt>[C08b] Cappos, J et al. (2008). &quot;Attacks on Package Managers&quot;</dt>
327<dd>Available online at: 353<dd>Available online at:
328<a class="reference external" href="http://www.cs.arizona.edu/people/justin/packagemanagersecurity/">http://www.cs.arizona.edu/people/justin/packagemanagersecurity/</a></dd> 354<a class="reference external" href="http://www.cs.arizona.edu/people/justin/packagemanagersecurity/">http://www.cs.arizona.edu/people/justin/packagemanagersecurity/</a></dd>
329</dl> 355</dl>
330</div> 356</div>
331<div class="section" id="copyright"> 357<div class="section" id="copyright">
332<h1><a class="toc-backref" href="#id15">Copyright</a></h1> 358<h1><a class="toc-backref" href="#id19">Copyright</a></h1>
333<p>Copyright (c) 2006-2010 by Robin Hugh Johnson. This material may be 359<p>Copyright (c) 2006-2010 by Robin Hugh Johnson. This material may be
334distributed only subject to the terms and conditions set forth in the 360distributed only subject to the terms and conditions set forth in the
335Open Publication License, v1.0.</p> 361Open Publication License, v1.0.</p>
336<p>vim: tw=72 ts=2 expandtab:</p> 362<p>vim: tw=72 ts=2 expandtab:</p>
337</div> 363</div>
338 364
339</div> 365</div>
340<div class="footer"> 366<div class="footer">
341<hr class="footer" /> 367<hr class="footer" />
342<a class="reference external" href="glep-0058.txt">View document source</a>. 368<a class="reference external" href="glep-0058.txt">View document source</a>.
343Generated on: 2010-01-13 03:27 UTC. 369Generated on: 2010-01-31 07:53 UTC.
344Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. 370Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
345 371
346</div> 372</div>
347</body> 373</body>
348</html> 374</html>

Legend:
Removed from v.1.3  
changed lines
  Added in v.1.4

  ViewVC Help
Powered by ViewVC 1.1.20