| 1 | GLEP: 59 |
1 | GLEP: 59 |
| 2 | Title: Manifest2 hash policies and security implications |
2 | Title: Manifest2 hash policies and security implications |
| 3 | Version: $Revision: 1.8 $ |
3 | Version: $Revision: 1.9 $ |
| 4 | Last-Modified: $Date: 2010/02/07 10:39:52 $ |
4 | Last-Modified: $Date: 2010/04/07 21:34:24 $ |
| 5 | Author: Robin Hugh Johnson <robbat2@gentoo.org>, |
5 | Author: Robin Hugh Johnson <robbat2@gentoo.org>, |
| 6 | Status: Draft |
6 | Status: Draft |
| 7 | Type: Standards Track |
7 | Type: Standards Track |
| 8 | Content-Type: text/x-rst |
8 | Content-Type: text/x-rst |
| 9 | Requires: 44 |
9 | Requires: 44 |
| … | |
… | |
| 26 | tree, but is only tangentially related to the actual signing of |
26 | tree, but is only tangentially related to the actual signing of |
| 27 | Manifests. Checksums present one possible weak point in the overall |
27 | Manifests. Checksums present one possible weak point in the overall |
| 28 | security of the tree - and a comprehensive security plan is needed. |
28 | security of the tree - and a comprehensive security plan is needed. |
| 29 | |
29 | |
| 30 | This GLEP is not mandatory for the tree-signing specification, but |
30 | This GLEP is not mandatory for the tree-signing specification, but |
| 31 | instead aims to improve the security of the hashes used in Manifest2. |
31 | instead aims to improve the security of the hashes used in Manifest2 |
| 32 | As such, it is also able to stand on it's own. |
32 | [GLEP44]. As such, it is also able to stand on it's own. |
| 33 | |
33 | |
| 34 | Specification |
34 | Specification |
| 35 | ============= |
35 | ============= |
| 36 | The bad news |
36 | The bad news |
| 37 | ------------ |
37 | ------------ |
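Review bot: the citation reference added on new line 32 is written as `[GLEP44]` without the trailing underscore, so in a text/x-rst document it renders as literal bracketed text and is never linked to the `.. [GLEP44]` target defined in the new References section. Write it as `[GLEP44]_`. Since the line is being touched anyway, also correct "it's own" to "its own".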
| … | |
… | |
| 215 | and also being stubborn enough in not accepting a partial solution. |
215 | and also being stubborn enough in not accepting a partial solution. |
| 216 | - Marius Mauch (genone), Zac Medico (zmedico) and Brian Harring |
216 | - Marius Mauch (genone), Zac Medico (zmedico) and Brian Harring |
| 217 | (ferringb): for being knowledgeable about the Portage Manifest2 |
217 | (ferringb): for being knowledgeable about the Portage Manifest2 |
| 218 | codebase. |
218 | codebase. |
| 219 | |
219 | |
|
|
220 | References |
|
|
221 | ========== |
|
|
222 | .. [GLEP44] Mauch, M. (2005) GLEP44 - Manifest2 format. |
|
|
223 | http://www.gentoo.org/proj/en/glep/glep-0044.html |
|
|
224 | |
| 220 | Copyright |
225 | Copyright |
| 221 | ========= |
226 | ========= |
| 222 | Copyright (c) 2006-2010 by Robin Hugh Johnson. This material may be |
227 | Copyright (c) 2006-2010 by Robin Hugh Johnson. This material may be |
| 223 | distributed only subject to the terms and conditions set forth in the |
228 | distributed only subject to the terms and conditions set forth in the |
| 224 | Open Publication License, v1.0. |
229 | Open Publication License, v1.0. |
| 225 | |
230 | |
| 226 | vim: tw=72 ts=2 expandtab: |
231 | .. vim: tw=72 ts=2 expandtab: |
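Review bot: the citation entry added at new lines 222-223 runs over two lines, and reStructuredText only treats the URL on line 223 as part of the `[GLEP44]` entry if that line is indented under the citation text. This view does not show leading whitespace, so confirm the indent in the source file. If the URL starts at column 0, it ends the citation and becomes a separate paragraph.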