
Diff of /xml/htdocs/proj/en/glep/glep-0058.html


Revision 1.6 Revision 1.8
25<tbody valign="top"> 25<tbody valign="top">
26<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">58</td> 26<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">58</td>
27</tr> 27</tr>
28<tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest</td> 28<tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest</td>
29</tr> 29</tr>
30<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.7</td> 30<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.9</td>
31</tr> 31</tr>
32<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0058.txt?cvsroot=gentoo">2010/01/31 07:53:30</a></td> 32<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0058.txt?cvsroot=gentoo">2010/04/07 06:35:16</a></td>
33</tr> 33</tr>
34<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson &lt;robbat2&#32;&#97;t&#32;gentoo.org&gt;,</td> 34<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson &lt;robbat2&#32;&#97;t&#32;gentoo.org&gt;,</td>
35</tr> 35</tr>
36<tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td> 36<tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td>
37</tr> 37</tr>
177The package manager MUST not use the identifying string as a filename.</li> 177The package manager MUST not use the identifying string as a filename.</li>
178<li>The MetaManifest must ultimately be GnuPG-signed.<ol class="arabic"> 178<li>The MetaManifest must ultimately be GnuPG-signed.<ol class="arabic">
179<li>For the initial implementation, the same key as used for snapshot 179<li>For the initial implementation, the same key as used for snapshot
180tarball signing is sufficient.</li> 180tarball signing is sufficient.</li>
181<li>For the future, the key used for fully automated signing by infra 181<li>For the future, the key used for fully automated signing by infra
182should not be on the same keyring as developer keys. See [#GLEPxx+3 182should not be on the same keyring as developer keys. See
183for further notes].</li> 183[#GLEPxx+3] for further notes.</li>
184</ol> 184</ol>
185</li> 185</li>
186</ol> 186</ol>
187</div> 187</div>
188<div class="section" id="notes"> 188<div class="section" id="notes">
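Review bot: On new lines 182-183 the reference still comes out as the literal text [#GLEPxx+3] rather than as a link to the footnote this revision adds with id="glepxx-3", which suggests the reStructuredText source is missing the trailing underscore of a footnote reference ([#GLEPxx+3]_). With that fixed, the requirement that the automated signing key stay off the developer keyring would point at its footnote instead of at unresolved bracket text. Separately, unchanged line 177 reads "MUST not"; if RFC 2119 keywords are intended, it should be "MUST NOT".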
250</ol> 250</ol>
251</li> 251</li>
252</ol> 252</ol>
253<div class="section" id="id1"> 253<div class="section" id="id1">
254<h3><a class="toc-backref" href="#id11">Notes:</a></h3> 254<h3><a class="toc-backref" href="#id11">Notes:</a></h3>
255<div class="system-message">
256<p class="system-message-title">System Message: INFO/1 (<tt class="docutils">glep-0058.txt</tt>, line 202); <em><a href="#id1">backlink</a></em></p>
257Duplicate implicit target name: &quot;notes:&quot;.</div>
255<ol class="arabic simple"> 258<ol class="arabic simple">
256<li>For initial implementations, it is acceptable to check EVERY item in 259<li>For initial implementations, it is acceptable to check EVERY item in
257the eclass and profiles directory, rather than tracking the exact 260the eclass and profiles directory, rather than tracking the exact
258files used by every eclass (see note #2). Later implementations 261files used by every eclass (see note #2). Later implementations
259should strive to only verify individual eclasses and profiles as 262should strive to only verify individual eclasses and profiles as
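Review bot: New lines 255-257 publish a Docutils system message (INFO/1, Duplicate implicit target name: "notes:") inside the rendered GLEP, directly under the second "Notes:" heading. The page has two sections with that title (ids "notes" and "id1"), so the implicit target is ambiguous. Rename one of the headings in glep-0058.txt, or regenerate with a report level that keeps INFO messages out of the output, so the specification text is not interleaved with build diagnostics.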
343<li>Ned Ludd (solar) - Security concept review</li> 346<li>Ned Ludd (solar) - Security concept review</li>
344</ul> 347</ul>
345</div> 348</div>
346<div class="section" id="references"> 349<div class="section" id="references">
347<h1><a class="toc-backref" href="#id18">References</a></h1> 350<h1><a class="toc-backref" href="#id18">References</a></h1>
348<dl class="docutils"> 351<table class="docutils citation" frame="void" id="c08a" rules="none">
352<colgroup><col class="label" /><col /></colgroup>
353<tbody valign="top">
349<dt>[C08a] Cappos, J et al. (2008). &quot;Package Management Security&quot;.</dt> 354<tr><td class="label">[C08a]</td><td>Cappos, J et al. (2008). &quot;Package Management Security&quot;.
350<dd>University of Arizona Technical Report TR08-02. Available online 355University of Arizona Technical Report TR08-02. Available online
351from: <a class="reference external" href="ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf">ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf</a></dd> 356from: <a class="reference external" href="ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf">ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf</a></td></tr>
357</tbody>
358</table>
359<table class="docutils citation" frame="void" id="c08b" rules="none">
360<colgroup><col class="label" /><col /></colgroup>
361<tbody valign="top">
352<dt>[C08b] Cappos, J et al. (2008). &quot;Attacks on Package Managers&quot;</dt> 362<tr><td class="label">[C08b]</td><td>Cappos, J et al. (2008). &quot;Attacks on Package Managers&quot;
353<dd>Available online at: 363Available online at:
354<a class="reference external" href="http://www.cs.arizona.edu/people/justin/packagemanagersecurity/">http://www.cs.arizona.edu/people/justin/packagemanagersecurity/</a></dd> 364<a class="reference external" href="http://www.cs.arizona.edu/people/justin/packagemanagersecurity/">http://www.cs.arizona.edu/people/justin/packagemanagersecurity/</a></td></tr>
355</dl> 365</tbody>
366</table>
367<table class="docutils footnote" frame="void" id="glepxx-2" rules="none">
368<colgroup><col class="label" /><col /></colgroup>
369<tbody valign="top">
370<tr><td class="label">[1]</td><td>Future GLEP on Developer Process security.</td></tr>
371</tbody>
372</table>
373<table class="docutils footnote" frame="void" id="glepxx-3" rules="none">
374<colgroup><col class="label" /><col /></colgroup>
375<tbody valign="top">
376<tr><td class="label">[2]</td><td>Future GLEP on GnuPG Policies and Handling.</td></tr>
377</tbody>
378</table>
356</div> 379</div>
357<div class="section" id="copyright"> 380<div class="section" id="copyright">
358<h1><a class="toc-backref" href="#id19">Copyright</a></h1> 381<h1><a class="toc-backref" href="#id19">Copyright</a></h1>
359<p>Copyright (c) 2006-2010 by Robin Hugh Johnson. This material may be 382<p>Copyright (c) 2006-2010 by Robin Hugh Johnson. This material may be
360distributed only subject to the terms and conditions set forth in the 383distributed only subject to the terms and conditions set forth in the
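Review bot: The footnotes added at new lines 367-378 ([1] and [2], ids "glepxx-2" and "glepxx-3") carry plain labels with no backlink and say only "Future GLEP on ...", so the signing-key separation rule at lines 181-183 depends on a document that is not yet written. Either state the minimum key-handling rule in this GLEP or mark both entries as to-be-written. Also confirm that glepxx-2 is referenced from the body, since no visible line does so.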
364 387
365</div> 388</div>
366<div class="footer"> 389<div class="footer">
367<hr class="footer" /> 390<hr class="footer" />
368<a class="reference external" href="glep-0058.txt">View document source</a>. 391<a class="reference external" href="glep-0058.txt">View document source</a>.
369Generated on: 2010-01-31 09:56 UTC. 392Generated on: 2010-04-07 06:35 UTC.
370Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. 393Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
371 394
372</div> 395</div>
373</body> 396</body>
374</html> 397</html>

Legend:
Removed from v.1.6  
changed lines
  Added in v.1.8
