--- xml/htdocs/proj/en/glep/glep-0014.html 2003/08/24 22:11:46 1.2 +++ xml/htdocs/proj/en/glep/glep-0014.html 2003/11/10 19:22:24 1.3 @@ -33,13 +33,13 @@ Title:security updates based on GLSA -Version:$Revision: 1.2 $ +Version:1.4 -Last-Modified:$Date: 2003/08/24 22:11:46 $ +Last-Modified:2003/11/10 19:21:57 Author:Marius Mauch <genone at genone.de>, -Status:Draft +Status:Accepted Type:Standards Track @@ -47,7 +47,7 @@ Created:18 Aug 2003 -Post-History:22-Aug-2003, 24-Aug-2003 +Post-History:22-Aug-2003, 24-Aug-2003, 10-Nov-2003 @@ -104,9 +104,10 @@

The GLSA format needs to be specified, I suggest using XML for that to simplify parsing and later extensions. See implementation for a sample DTD. The format has to be compatible with the update tool of course. If necessary a converter -tool or an editor could be written for people not comfortable with XML. -Every GLSA has to be GPG signed by the responsible developer, who has to be -a member of the security herd.

+tool or an editor could be written for people not comfortable with XML (update: +a QT based editor for the GLSA format written by plasmaroo exists in the +gentoo-projects repository). Every GLSA has to be GPG signed by the responsible +developer, who has to be a member of the security herd.

GLSA release process

@@ -117,8 +118,8 @@
  • check the GLSA for correctness
  • sign the GLSA with the developers GPG key
  • send a mail to gentoo-announce with the XML GLSA and a plaintext version attached
  • -
  • upload it to www.gentoo.org/glsa (or wherever they should be uploaded)
  • -
  • put it on the rsync server
  • +
  • upload it to www.gentoo.org/security/en/glsa (via cvs commit)
  • +
  • put it on the rsync server (via cvs commit)
  • notify the moderators on the forums to make an announcement
  • @@ -154,10 +155,9 @@

    Implementation

    A prototype implementation (including the update tool, a DTD and a sample -XMLified GLSA) exists at http://gentoo.devel-net.org/glsa/ . This GLEP is based -on that implementation, though it can be changed or rewritten if necessary. -According to portage developers there is also already some support for this in -portage.

    +XMLified GLSA) exists at http://gentoo.devel-net.org/glsa/ and in the +gentoo-projects/gentoo-security/GLSA repository. This GLEP is based +on that implementation, though it can be changed or rewritten if necessary.

    Backwards compatibility

    @@ -174,7 +174,7 @@