| … | |
… | |
| 25 | <tbody valign="top"> |
25 | <tbody valign="top"> |
| 26 | <tr class="field"><th class="field-name">GLEP:</th><td class="field-body">58</td> |
26 | <tr class="field"><th class="field-name">GLEP:</th><td class="field-body">58</td> |
| 27 | </tr> |
27 | </tr> |
| 28 | <tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest</td> |
28 | <tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest</td> |
| 29 | </tr> |
29 | </tr> |
| 30 | <tr class="field"><th class="field-name">Version:</th><td class="field-body">1.7</td> |
30 | <tr class="field"><th class="field-name">Version:</th><td class="field-body">1.9</td> |
| 31 | </tr> |
31 | </tr> |
| 32 | <tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0058.txt?cvsroot=gentoo">2010/01/31 07:53:30</a></td> |
32 | <tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0058.txt?cvsroot=gentoo">2010/04/07 06:35:16</a></td> |
| 33 | </tr> |
33 | </tr> |
| 34 | <tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson <robbat2 at gentoo.org>,</td> |
34 | <tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson <robbat2 at gentoo.org>,</td> |
| 35 | </tr> |
35 | </tr> |
| 36 | <tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td> |
36 | <tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td> |
| 37 | </tr> |
37 | </tr> |
| … | |
… | |
| 177 | The package manager MUST not use the identifying string as a filename.</li> |
177 | The package manager MUST not use the identifying string as a filename.</li> |
| 178 | <li>The MetaManifest must ultimately be GnuPG-signed.<ol class="arabic"> |
178 | <li>The MetaManifest must ultimately be GnuPG-signed.<ol class="arabic"> |
| 179 | <li>For the initial implementation, the same key as used for snapshot |
179 | <li>For the initial implementation, the same key as used for snapshot |
| 180 | tarball signing is sufficient.</li> |
180 | tarball signing is sufficient.</li> |
| 181 | <li>For the future, the key used for fully automated signing by infra |
181 | <li>For the future, the key used for fully automated signing by infra |
| 182 | should not be on the same keyring as developer keys. See [#GLEPxx+3 |
182 | should not be on the same keyring as developer keys. See |
| 183 | for further notes].</li> |
183 | [#GLEPxx+3] for further notes.</li> |
| 184 | </ol> |
184 | </ol> |
| 185 | </li> |
185 | </li> |
| 186 | </ol> |
186 | </ol> |
| 187 | </div> |
187 | </div> |
| 188 | <div class="section" id="notes"> |
188 | <div class="section" id="notes"> |
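Review bot: the reworded reference at new lines 182-183 still renders [#GLEPxx+3] as literal text rather than as a footnote link, so a reader has no path from this signing-key requirement to the footnote it cites. In the reStructuredText source the reference likely needs the trailing-underscore form ([#GLEPxx+3]_) for docutils to resolve it. While this list item is being touched, the context line 177 reads "MUST not"; if the GLEP intends RFC 2119 keywords, "MUST NOT" would be the consistent spelling.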
| … | |
… | |
| 250 | </ol> |
250 | </ol> |
| 251 | </li> |
251 | </li> |
| 252 | </ol> |
252 | </ol> |
| 253 | <div class="section" id="id1"> |
253 | <div class="section" id="id1"> |
| 254 | <h3><a class="toc-backref" href="#id11">Notes:</a></h3> |
254 | <h3><a class="toc-backref" href="#id11">Notes:</a></h3> |
|
|
255 | <div class="system-message"> |
|
|
256 | <p class="system-message-title">System Message: INFO/1 (<tt class="docutils">glep-0058.txt</tt>, line 202); <em><a href="#id1">backlink</a></em></p> |
|
|
257 | Duplicate implicit target name: "notes:".</div> |
| 255 | <ol class="arabic simple"> |
258 | <ol class="arabic simple"> |
| 256 | <li>For initial implementations, it is acceptable to check EVERY item in |
259 | <li>For initial implementations, it is acceptable to check EVERY item in |
| 257 | the eclass and profiles directory, rather than tracking the exact |
260 | the eclass and profiles directory, rather than tracking the exact |
| 258 | files used by every eclass (see note #2). Later implementations |
261 | files used by every eclass (see note #2). Later implementations |
| 259 | should strive to only verify individual eclasses and profiles as |
262 | should strive to only verify individual eclasses and profiles as |
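Review bot: the regenerated output at new lines 255-257 now publishes a docutils system message (INFO/1, Duplicate implicit target name: "notes:") directly under the "Notes:" heading. The section at line 188 already owns id="notes", so this second "Notes:" heading falls back to id="id1". Giving one of the two headings a distinct title in glep-0058.txt would remove the message from the published page and give the subsection a stable anchor.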
| … | |
… | |
| 343 | <li>Ned Ludd (solar) - Security concept review</li> |
346 | <li>Ned Ludd (solar) - Security concept review</li> |
| 344 | </ul> |
347 | </ul> |
| 345 | </div> |
348 | </div> |
| 346 | <div class="section" id="references"> |
349 | <div class="section" id="references"> |
| 347 | <h1><a class="toc-backref" href="#id18">References</a></h1> |
350 | <h1><a class="toc-backref" href="#id18">References</a></h1> |
| 348 | <dl class="docutils"> |
351 | <table class="docutils citation" frame="void" id="c08a" rules="none"> |
|
|
352 | <colgroup><col class="label" /><col /></colgroup> |
|
|
353 | <tbody valign="top"> |
| 349 | <dt>[C08a] Cappos, J et al. (2008). "Package Management Security".</dt> |
354 | <tr><td class="label">[C08a]</td><td>Cappos, J et al. (2008). "Package Management Security". |
| 350 | <dd>University of Arizona Technical Report TR08-02. Available online |
355 | University of Arizona Technical Report TR08-02. Available online |
| 351 | from: <a class="reference external" href="ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf">ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf</a></dd> |
356 | from: <a class="reference external" href="ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf">ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf</a></td></tr> |
|
|
357 | </tbody> |
|
|
358 | </table> |
|
|
359 | <table class="docutils citation" frame="void" id="c08b" rules="none"> |
|
|
360 | <colgroup><col class="label" /><col /></colgroup> |
|
|
361 | <tbody valign="top"> |
| 352 | <dt>[C08b] Cappos, J et al. (2008). "Attacks on Package Managers"</dt> |
362 | <tr><td class="label">[C08b]</td><td>Cappos, J et al. (2008). "Attacks on Package Managers" |
| 353 | <dd>Available online at: |
363 | Available online at: |
| 354 | <a class="reference external" href="http://www.cs.arizona.edu/people/justin/packagemanagersecurity/">http://www.cs.arizona.edu/people/justin/packagemanagersecurity/</a></dd> |
364 | <a class="reference external" href="http://www.cs.arizona.edu/people/justin/packagemanagersecurity/">http://www.cs.arizona.edu/people/justin/packagemanagersecurity/</a></td></tr> |
| 355 | </dl> |
365 | </tbody> |
| 356 | <div class="system-message"> |
366 | </table> |
| 357 | <p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">glep-0058.txt</tt>, line 307)</p> |
367 | <table class="docutils footnote" frame="void" id="glepxx-2" rules="none"> |
| 358 | Definition list ends without a blank line; unexpected unindent.</div> |
368 | <colgroup><col class="label" /><col /></colgroup> |
| 359 | <p>[#GLEPxx+2] Future GLEP on Developer Process security. |
369 | <tbody valign="top"> |
| 360 | [#GLEPxx+3] Future GLEP on GnuPG Policies and Handling.</p> |
370 | <tr><td class="label">[1]</td><td>Future GLEP on Developer Process security.</td></tr> |
|
|
371 | </tbody> |
|
|
372 | </table> |
|
|
373 | <table class="docutils footnote" frame="void" id="glepxx-3" rules="none"> |
|
|
374 | <colgroup><col class="label" /><col /></colgroup> |
|
|
375 | <tbody valign="top"> |
|
|
376 | <tr><td class="label">[2]</td><td>Future GLEP on GnuPG Policies and Handling.</td></tr> |
|
|
377 | </tbody> |
|
|
378 | </table> |
| 361 | </div> |
379 | </div> |
| 362 | <div class="section" id="copyright"> |
380 | <div class="section" id="copyright"> |
| 363 | <h1><a class="toc-backref" href="#id19">Copyright</a></h1> |
381 | <h1><a class="toc-backref" href="#id19">Copyright</a></h1> |
| 364 | <p>Copyright (c) 2006-2010 by Robin Hugh Johnson. This material may be |
382 | <p>Copyright (c) 2006-2010 by Robin Hugh Johnson. This material may be |
| 365 | distributed only subject to the terms and conditions set forth in the |
383 | distributed only subject to the terms and conditions set forth in the |
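Review bot: the two footnotes at new lines 367-378 render with auto-numbered labels [1] and [2] and show no backlink, while the body text at line 183 names the target as [#GLEPxx+3], so a reader cannot tell which footnote the signing-key item points to. The restructured references do clear the WARNING/2 message from old lines 356-358, but consider either citing the footnotes through resolved references or keeping the GLEPxx+2 and GLEPxx+3 names visible in the footnote text.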
| … | |
… | |
| 369 | |
387 | |
| 370 | </div> |
388 | </div> |
| 371 | <div class="footer"> |
389 | <div class="footer"> |
| 372 | <hr class="footer" /> |
390 | <hr class="footer" /> |
| 373 | <a class="reference external" href="glep-0058.txt">View document source</a>. |
391 | <a class="reference external" href="glep-0058.txt">View document source</a>. |
| 374 | Generated on: 2010-02-07 16:21 UTC. |
392 | Generated on: 2010-04-07 06:35 UTC. |
| 375 | Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. |
393 | Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. |
| 376 | |
394 | |
| 377 | </div> |
395 | </div> |
| 378 | </body> |
396 | </body> |
| 379 | </html> |
397 | </html> |