
Diff of /xml/htdocs/proj/en/glep/glep-0058.txt


Revision 1.8 Revision 1.9
1GLEP: 58 1GLEP: 58
2Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest 2Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
3Version: $Revision: 1.8 $ 3Version: $Revision: 1.9 $
4Last-Modified: $Date: 2010/02/07 16:24:17 $ 4Last-Modified: $Date: 2010/04/07 06:35:16 $
5Author: Robin Hugh Johnson <robbat2@gentoo.org>, 5Author: Robin Hugh Johnson <robbat2@gentoo.org>,
6Status: Draft 6Status: Draft
7Type: Standards Track 7Type: Standards Track
8Content-Type: text/x-rst 8Content-Type: text/x-rst
9Requires: 44, 60 9Requires: 44, 60
1248. The MetaManifest must ultimately be GnuPG-signed. 1248. The MetaManifest must ultimately be GnuPG-signed.
125 125
126 1. For the initial implementation, the same key as used for snapshot 126 1. For the initial implementation, the same key as used for snapshot
127 tarball signing is sufficient. 127 tarball signing is sufficient.
128 2. For the future, the key used for fully automated signing by infra 128 2. For the future, the key used for fully automated signing by infra
129 should not be on the same keyring as developer keys. See [#GLEPxx+3 129 should not be on the same keyring as developer keys. See
130 for further notes]. 130 [#GLEPxx+3] for further notes.
131 131
132Notes: 132Notes:
133====== 133======
134The above does not conflict the proposal contained in GLEP33, which 134The above does not conflict the proposal contained in GLEP33, which
135restructure eclasses to include subdirectories and Manifest files, as 135restructure eclasses to include subdirectories and Manifest files, as
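Review bot: On new lines 129-130 the reference reads "[#GLEPxx+3] for further notes." with no trailing underscore, so in a text/x-rst document it stays literal text instead of becoming a footnote reference to the ".. [#GLEPxx+3]" target this revision defines under References. Suggest "See [#GLEPxx+3]_ for further notes." so the pointer from item 8.2 actually resolves. The target is still a "Future GLEP" placeholder, so the requirement that the automated infra signing key stay off the developer keyring has no policy document behind it yet; worth saying so in the item itself until that GLEP exists.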
296 296
297========== 297==========
298References 298References
299========== 299==========
300 300
301[C08a] Cappos, J et al. (2008). "Package Management Security". 301.. [C08a] Cappos, J et al. (2008). "Package Management Security".
302 University of Arizona Technical Report TR08-02. Available online 302 University of Arizona Technical Report TR08-02. Available online
303 from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf 303 from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf
304
304[C08b] Cappos, J et al. (2008). "Attacks on Package Managers" 305.. [C08b] Cappos, J et al. (2008). "Attacks on Package Managers"
305 Available online at: 306 Available online at:
306 http://www.cs.arizona.edu/people/justin/packagemanagersecurity/ 307 http://www.cs.arizona.edu/people/justin/packagemanagersecurity/
308
307[#GLEPxx+2] Future GLEP on Developer Process security. 309.. [#GLEPxx+2] Future GLEP on Developer Process security.
310
308[#GLEPxx+3] Future GLEP on GnuPG Policies and Handling. 311.. [#GLEPxx+3] Future GLEP on GnuPG Policies and Handling.
309 312
310========= 313=========
311Copyright 314Copyright
312========= 315=========
313Copyright (c) 2006-2010 by Robin Hugh Johnson. This material may be 316Copyright (c) 2006-2010 by Robin Hugh Johnson. This material may be
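Review bot: New lines 309 and 311 define "[#GLEPxx+2]" and "[#GLEPxx+3]" with a leading "#", which makes them auto-numbered footnotes, while "[C08a]" and "[C08b]" on new lines 301 and 305 become citations, so the rendered page will label the GLEP placeholders with numbers and the Cappos entries by name. If the placeholder names are meant to stay visible to readers, drop the "#" (".. [GLEPxx+3] Future GLEP on GnuPG Policies and Handling.") and reference them the same way as the citations. Two smaller points: "[#GLEPxx+2]" is not referenced in any of the visible hunks, and the [C08b] title on new line 305 lacks the terminating period that the [C08a] title has on line 301.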
