--- xml/htdocs/proj/en/glep/glep-0058.txt 2010/04/07 06:35:16 1.9 +++ xml/htdocs/proj/en/glep/glep-0058.txt 2010/04/07 21:34:24 1.10 @@ -1,7 +1,7 @@ GLEP: 58 Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest -Version: $Revision: 1.9 $ -Last-Modified: $Date: 2010/04/07 06:35:16 $ +Version: $Revision: 1.10 $ +Last-Modified: $Date: 2010/04/07 21:34:24 $ Author: Robin Hugh Johnson , Status: Draft Type: Standards Track @@ -98,10 +98,10 @@ packages, local. 2. If a directory contains a Manifest file, extract all relevant local files from it (presently: AUX, MISC, EBUILD; but should follow the - evolution of Manifest2 entry types per [#GLEP60]), and place them + evolution of Manifest2 entry types per [GLEP60]), and place them into the COVERED set. 3. Recursively add every file in the directory to the ALL set, - pursuant to the exclusion list as mentioned in [#GLEP60]. + pursuant to the exclusion list as mentioned in [GLEP60]. 4. Produce a new set, UNCOVERED, as the set-difference (ALL)-(COVERED). This is every item that is not covered by another Manifest, or part @@ -127,14 +127,14 @@ tarball signing is sufficient. 2. For the future, the key used for fully automated signing by infra should not be on the same keyring as developer keys. See - [#GLEPxx+3] for further notes. + [GLEPxx3] for further notes. Notes: ====== -The above does not conflict the proposal contained in GLEP33, which +The above does not conflict the proposal contained in [GLEP33], which restructure eclasses to include subdirectories and Manifest files, as the Manifest rules above still provide indirect verification for all -files after the GLEP33 restructuring if it comes to pass. +files after the [GLEP33] restructuring if it comes to pass. Additional levels of Manifests are required, such as per-category, and in the eclasses, profiles and metadata directories. This ensures that a 
@@ -164,10 +164,10 @@ In the following, I've used term 'M2-verify' to note following the hash verification procedures as defined by the Manifest2 format - which compromise checking the file length, and that the hashes match. Which -filetypes may be ignored on missing is discussed in [#GLEP60]. +filetypes may be ignored on missing is discussed in [GLEP60]. 1. Check the GnuPG signature on the MetaManifest against the keyring of - automated Gentoo keys. See [#GLEPxx+3] for full details regarding + automated Gentoo keys. See [GLEPxx3] for full details regarding verification of GnuPG signatures. 1. Abort if the signature check fails. @@ -231,7 +231,7 @@ -------------------------------------------- MetaManifest and the new Manifest2 filetypes -------------------------------------------- -While [#GLEP60] describes the addition of new filetypes, these are NOT +While [GLEP60] describes the addition of new filetypes, these are NOT needed for implementation of the MetaManifest proposal. Without the new filetypes, all entries in the MetaManifest would be of type 'MISC'. @@ -306,9 +306,15 @@ Available online at: http://www.cs.arizona.edu/people/justin/packagemanagersecurity/ -.. [#GLEPxx+2] Future GLEP on Developer Process security. +.. [GLEP33] Eclass Restructure/Redesign + http://www.gentoo.org/proj/en/glep/glep-0033.html -.. [#GLEPxx+3] Future GLEP on GnuPG Policies and Handling. +.. [GLEP60] Manifest2 filetypes + http://www.gentoo.org/proj/en/glep/glep-0044.html + +.. [GLEPxx2] Future GLEP on Developer Process security. + +.. [GLEPxx3] Future GLEP on GnuPG Policies and Handling. ========= Copyright @@ -317,4 +323,4 @@ distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0. -vim: tw=72 ts=2 expandtab: +.. vim: tw=72 ts=2 expandtab:
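
Review bot: In the hunk at @@ -98,10 +98,10 @@ (and likewise wherever this patch rewrites a reference), the new in-text form "[GLEP60]" has no trailing underscore, so reStructuredText will not treat it as a citation reference and it will not link to the ".. [GLEP60]" target added in the references hunk. Suggest writing "[GLEP60]_", "[GLEP33]_" and "[GLEPxx3]_" in the body text so each reference resolves to its entry.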
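
Review bot: In the hunk at @@ -127,14 +127,14 @@, the sentence being edited still reads "does not conflict the proposal contained in [GLEP33], which restructure eclasses". Since this line is already touched, suggest fixing it to "does not conflict with the proposal contained in [GLEP33], which restructures eclasses" in the same commit.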
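
Review bot: In the hunk at @@ -164,10 +164,10 @@, the context line defining 'M2-verify' says the procedures "compromise checking the file length, and that the hashes match". The intended word is "comprise", and in a document that specifies a verification procedure the typo reads badly. Suggest correcting it while this paragraph is being changed.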
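
Review bot: In the hunk at @@ -306,9 +306,15 @@, the new "[GLEP60] Manifest2 filetypes" entry points to http://www.gentoo.org/proj/en/glep/glep-0044.html, so the label says GLEP 60 but the URL is for GLEP 44. The "[GLEP33]" entry above it uses glep-0033.html, so the number in the URL is expected to match the label. Suggest checking which document is meant and making the label and URL agree, since readers following this reference for the exclusion list and filetype rules would otherwise land on a different GLEP.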