| 1 | GLEP: 59 |
1 | GLEP: 59 |
| 2 | Title: Manifest2 hash policies and security implications |
2 | Title: Manifest2 hash policies and security implications |
| 3 | Version: $Revision: 1.5 $ |
3 | Version: $Revision: 1.6 $ |
| 4 | Last-Modified: $Date: 2010/01/31 07:55:45 $ |
4 | Last-Modified: $Date: 2010/01/31 09:55:43 $ |
| 5 | Author: Robin Hugh Johnson <robbat2@gentoo.org>, |
5 | Author: Robin Hugh Johnson <robbat2@gentoo.org>, |
| 6 | Status: Draft |
6 | Status: Draft |
| 7 | Type: Standards Track |
7 | Type: Standards Track |
| 8 | Content-Type: text/x-rst |
8 | Content-Type: text/x-rst |
| 9 | Requires: 44 |
9 | Requires: 44 |
| … | |
… | |
| 24 | ========== |
24 | ========== |
| 25 | This GLEP is being written as part of the work on signing the Portage |
25 | This GLEP is being written as part of the work on signing the Portage |
| 26 | tree, but is only tangentially related to the actual signing of |
26 | tree, but is only tangentially related to the actual signing of |
| 27 | Manifests. Checksums present one possible weak point in the overall |
27 | Manifests. Checksums present one possible weak point in the overall |
| 28 | security of the tree - and a comprehensive security plan is needed. |
28 | security of the tree - and a comprehensive security plan is needed. |
|
|
29 | |
|
|
30 | This GLEP is not mandatory for the tree-signing specification, but |
|
|
31 | instead aims to improve the security of the hashes used in Manifest2. |
|
|
32 | As such, it is also able to stand on it's own. |
| 29 | |
33 | |
| 30 | Specification |
34 | Specification |
| 31 | ============= |
35 | ============= |
| 32 | The bad news |
36 | The bad news |
| 33 | ------------ |
37 | ------------ |
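Review bot: The added paragraph (new lines 30-32) has a typo on new line 32: "stand on it's own" should read "stand on its own", since "it's" is the contraction of "it is". The paragraph also refers to "the tree-signing specification" without identifying it. The header lists only "Requires: 44", so consider naming that specification by its GLEP number here. That would let a reader see which document this GLEP is optional for.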