Contents of /xml/htdocs/proj/en/glep/glep-0014.html

Revision 1.1
Fri Aug 22 15:11:16 2003 UTC by g2boojum
Branch: MAIN
File MIME type: text/html
New glep

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<!--
This HTML is auto-generated. DO NOT EDIT THIS FILE! If you are writing a new
PEP, see http://www.python.org/peps/pep-0001.html for instructions and links
-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="generator" content="Docutils 0.3.0: http://docutils.sourceforge.net/" />
<title>GLEP 14 -- security updates based on GLSA</title>
<link rel="stylesheet" href="tools/glep.css" type="text/css" />
</head>
<body bgcolor="white">
<table class="navigation" cellpadding="0" cellspacing="0"
width="100%" border="0">
<tr><td class="navicon" width="150" height="35">
<a href="http://www.gentoo.org/" title="Gentoo Linux Home Page">
<img src="http://www.gentoo.org/images/gentoo-new.gif" alt="[Gentoo]"
border="0" width="150" height="35" /></a></td>
<td class="textlinks" align="left">
[<b><a href="http://www.gentoo.org/">Gentoo Linux Home</a></b>]
[<b><a href="http://www.gentoo.org/proj/en/glep">GLEP Index</a></b>]
[<b><a href="http://www.gentoo.org/proj/en/glep/glep-0014.txt">GLEP Source</a></b>]
</td></tr></table>
<div class="document">
<table class="rfc2822 field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">14</td>
</tr>
<tr class="field"><th class="field-name">Title:</th><td class="field-body">security updates based on GLSA</td>
</tr>
<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.1</td>
</tr>
<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0014.txt?cvsroot=gentoo">2003/08/22 15:00:55</a></td>
</tr>
<tr class="field"><th class="field-name">Author:</th><td class="field-body">Marius Mauch &lt;genone&#32;&#97;t&#32;genone.de&gt;,</td>
</tr>
<tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td>
</tr>
<tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td>
</tr>
<tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference" href="glep-0002.html">text/x-rst</a></td>
</tr>
<tr class="field"><th class="field-name">Created:</th><td class="field-body">18 Aug 2003</td>
</tr>
<tr class="field"><th class="field-name">Post-History:</th><td class="field-body">22-Aug-2003</td>
</tr>
</tbody>
</table>
<hr />
<div class="contents topic" id="contents">
<p class="topic-title"><a name="contents">Contents</a></p>
<ul class="simple">
<li><a class="reference" href="#abstract" id="id2" name="id2">Abstract</a></li>
<li><a class="reference" href="#motivation" id="id3" name="id3">Motivation</a></li>
<li><a class="reference" href="#proposed-change" id="id4" name="id4">Proposed change</a><ul>
<li><a class="reference" href="#update-tool" id="id5" name="id5">Update tool</a></li>
<li><a class="reference" href="#glsa-format" id="id6" name="id6">GLSA format</a></li>
<li><a class="reference" href="#glsa-release-process" id="id7" name="id7">GLSA release process</a></li>
<li><a class="reference" href="#portage-changes" id="id8" name="id8">Portage changes</a></li>
</ul>
</li>
<li><a class="reference" href="#rationale" id="id9" name="id9">Rationale</a></li>
<li><a class="reference" href="#implementation" id="id10" name="id10">Implementation</a></li>
<li><a class="reference" href="#backwards-compatibility" id="id11" name="id11">Backwards compatibility</a></li>
<li><a class="reference" href="#copyright" id="id12" name="id12">Copyright</a></li>
</ul>
</div>
<div class="section" id="abstract">
<h1><a class="toc-backref" href="#id2" name="abstract">Abstract</a></h1>
<p>There is currently no automatic way to check a Gentoo system for identified
security holes or to auto-apply security fixes. This GLEP proposes a way to deal
with this issue.</p>
</div>
<div class="section" id="motivation">
<h1><a class="toc-backref" href="#id3" name="motivation">Motivation</a></h1>
<p>Automatic checking for security updates is an often-requested feature for Gentoo.
Implementing it will enable users to fix security holes without reading every
security announcement. It is also a feature that is often required in enterprise
environments.</p>
</div>
<div class="section" id="proposed-change">
<h1><a class="toc-backref" href="#id4" name="proposed-change">Proposed change</a></h1>
<div class="section" id="update-tool">
<h2><a class="toc-backref" href="#id5" name="update-tool">Update tool</a></h2>
<p>The coding part of this GLEP is an update tool that reads a GLSA, checks whether
the system is affected by it and executes one of the following actions, depending
on user preferences:</p>
<ul class="simple">
<li>run all steps necessary to fix the security hole, including package updates and
daemon restarts.</li>
<li>instruct the user how to fix the security hole.</li>
<li>print the GLSA so the user can get more information if desired.</li>
</ul>
<p>Once this tool is implemented and well tested it can be integrated into portage.
A prototype <a class="reference" href="#implementation">implementation</a> for this tool exists.</p>
</div>
<div class="section" id="glsa-format">
<h2><a class="toc-backref" href="#id6" name="glsa-format">GLSA format</a></h2>
<p>The GLSA format needs to be specified; I suggest using XML for that to simplify
parsing and later extensions. See <a class="reference" href="#implementation">implementation</a> for a sample DTD. The format
has to be compatible with the update tool, of course. If necessary, a converter
tool or an editor could be written for people not comfortable with XML.</p>
</div>
<div class="section" id="glsa-release-process">
<h2><a class="toc-backref" href="#id7" name="glsa-release-process">GLSA release process</a></h2>
<p>In addition to sending the GLSA to the gentoo-announce mailing list, it has to be
stored on an HTTP/FTP server and in the portage tree. I'd suggest that a script
be used to release a GLSA; it would:</p>
<ul class="simple">
<li>check the GLSA for correctness</li>
<li>send a mail to gentoo-announce with the XML GLSA and a plaintext version attached</li>
<li>upload it to www.gentoo.org/glsa (or wherever they should be uploaded)</li>
<li>put it on the rsync server</li>
<li>notify the moderators on the forums to make an announcement</li>
</ul>
</div>
<div class="section" id="portage-changes">
<h2><a class="toc-backref" href="#id8" name="portage-changes">Portage changes</a></h2>
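<p>The following is an added example, not the GLEP's prototype and not Gentoo code: a small Python checker that performs the release script's "check the GLSA for correctness" step above and the update tool's decision from the "Update tool" section (is the installed system affected, and which of the three user-selected actions follows). The XML element and attribute names, the installed-package dictionary standing in for /var/db/pkg, and the simplified version grammar are all assumptions made for this example; the real DTD lives at the prototype URL cited under Implementation and is not reproduced here.</p>

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample GLSA.  Element and attribute names are assumptions for this
# example, not the DTD of the prototype the GLEP refers to.
SAMPLE_GLSA = """<?xml version="1.0" encoding="utf-8"?>
<glsa id="200308-EX">
  <title>Example advisory: remote overflow in net-misc/foo</title>
  <package name="net-misc/foo">
    <vulnerable range="lt">1.2.3</vulnerable>
    <unaffected range="ge">1.2.3</unaffected>
  </package>
  <package name="app-misc/bar">
    <vulnerable range="lt">0.9-r2</vulnerable>
    <unaffected range="ge">0.9-r2</unaffected>
  </package>
  <resolution>emerge --oneshot '&gt;=net-misc/foo-1.2.3' '&gt;=app-misc/bar-0.9-r2'</resolution>
</glsa>
"""

# Constructed stand-in for the installed-package database (/var/db/pkg):
# category/package -> installed version.
INSTALLED = {
    "net-misc/foo": "1.2.2",   # older than the fixed version: affected
    "app-misc/bar": "0.9-r2",  # exactly the fixed revision: not affected
    "sys-apps/baz": "3.0",     # not mentioned in the advisory
}

REQUIRED_CHILDREN = ("title", "package", "resolution")
RANGES = {
    "lt": lambda have, bound: have < bound,
    "le": lambda have, bound: have <= bound,
    "eq": lambda have, bound: have == bound,
    "ge": lambda have, bound: have >= bound,
    "gt": lambda have, bound: have > bound,
}


def parse_version(text):
    """Turn '1.2.3-r1' into ((1, 2, 3), 1) so tuples compare in version order.
    Simplified on purpose: dotted numeric components plus an optional -rN
    revision, not the full Portage version specification."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", text.strip())
    if not m:
        raise ValueError("unsupported version string: %r" % text)
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, int(m.group(2) or 0)


def validate_glsa(xml_text):
    """Release-script step 'check the GLSA for correctness': return a list of
    problems; an empty list means the checker below can safely act on it."""
    problems = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as err:
        return ["not well-formed XML: %s" % err]
    if root.tag != "glsa" or not root.get("id"):
        problems.append("root element must be <glsa id=...>")
    for tag in REQUIRED_CHILDREN:
        if root.find(tag) is None:
            problems.append("missing <%s>" % tag)
    for pkg in root.findall("package"):
        name = pkg.get("name")
        if not name:
            problems.append("<package> without a name attribute")
            continue
        for kind in ("vulnerable", "unaffected"):
            for el in pkg.findall(kind):
                if el.get("range") not in RANGES:
                    problems.append("%s: unknown range %r" % (name, el.get("range")))
                try:
                    parse_version(el.text or "")
                except ValueError as err:
                    problems.append("%s: %s" % (name, err))
    return problems


def affected_packages(xml_text, installed):
    """Return [(package, installed_version)] for installed packages that fall in
    a <vulnerable> range and in no <unaffected> range.  An unaffected match wins,
    so a patched revision is never reported as vulnerable."""
    root = ET.fromstring(xml_text)
    hits = []
    for pkg in root.findall("package"):
        name = pkg.get("name")
        if name not in installed:
            continue  # package not installed: this entry does not apply
        have = parse_version(installed[name])

        def matches(kind):
            return any(RANGES[el.get("range")](have, parse_version(el.text or ""))
                       for el in pkg.findall(kind))

        if matches("vulnerable") and not matches("unaffected"):
            hits.append((name, installed[name]))
    return hits


def plan(xml_text, installed, mode="instruct"):
    """Map the three user preferences from the GLEP onto an outcome.  'fix'
    returns the command the tool would hand to Portage (nothing is executed
    here); 'instruct' explains what to do; 'print' renders the advisory."""
    root = ET.fromstring(xml_text)
    glsa_id = root.get("id")
    hits = affected_packages(xml_text, installed)
    if not hits:
        return "system is not affected by GLSA %s" % glsa_id
    resolution = (root.findtext("resolution") or "").strip()
    if mode == "fix":
        return resolution
    if mode == "instruct":
        return "affected: %s; run: %s" % (
            ", ".join("%s-%s" % hit for hit in hits), resolution)
    if mode == "print":
        return "GLSA %s: %s\n%s" % (glsa_id, root.findtext("title"), resolution)
    raise ValueError("unknown mode %r" % mode)


if __name__ == "__main__":
    print("validation problems:", validate_glsa(SAMPLE_GLSA))
    print(plan(SAMPLE_GLSA, INSTALLED, mode="instruct"))
```

<p>The check that an <code>unaffected</code> match overrides a <code>vulnerable</code> match is what keeps a system that already carries the fixed revision (app-misc/bar above) from being flagged, which is the case an automated tool most often gets wrong.</p>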
<p>Until the <a class="reference" href="#update-tool">update tool</a> is integrated into portage there will be no code changes
to portage. The update tool might require a few new configuration options; these
could be placed in make.conf or in another config file in /etc/portage.</p>
</div>
</div>
<div class="section" id="rationale">
<h1><a class="toc-backref" href="#id9" name="rationale">Rationale</a></h1>
<p>The lack of automated security updates for Gentoo is one of the most often requested
features for portage, as it is one of the standard features of other distributions.
As Gentoo already provides GLSAs for important security bugs, it is only natural
to use these to implement this feature.</p>
<p>To parse a GLSA in a program, the format needs to be specified and a parser has
to be written. I suggest the use of XML for future GLSAs for the following reasons:</p>
<ul class="simple">
<li>can be parsed and validated with existing libraries</li>
<li>easy to extend while maintaining backwards compatibility</li>
<li>tools can convert XML GLSAs into other formats; the other direction would be harder</li>
<li>websites can use XSLT to mark up GLSAs</li>
</ul>
<p>Putting the GLSAs in the portage tree allows all users to check their systems
for security updates without taking any further action and simplifies later integration
of the update tool into portage. For security-minded persons the GLSAs are
also available on an HTTP server, which eases the load on the rsync servers.</p>
</div>
<div class="section" id="implementation">
<h1><a class="toc-backref" href="#id10" name="implementation">Implementation</a></h1>
<p>A prototype implementation (including the update tool, a DTD and a sample
XMLified GLSA) exists at <a class="reference" href="http://gentoo.devel-net.org/glsa/">http://gentoo.devel-net.org/glsa/</a>. This GLEP is based
on that implementation, though it can be changed or rewritten if necessary.
According to portage developers there is also already some support for this in
portage.</p>
</div>
<div class="section" id="backwards-compatibility">
<h1><a class="toc-backref" href="#id11" name="backwards-compatibility">Backwards compatibility</a></h1>
<p>The current <a class="reference" href="#glsa-release-process">GLSA release process</a> needs to be replaced with this proposal. It
would be nice if old GLSAs were transformed into XML as well, but that is
not a requirement for this GLEP.</p>
</div>
<div class="section" id="copyright">
<h1><a class="toc-backref" href="#id12" name="copyright">Copyright</a></h1>
<p>This document has been placed in the public domain.</p>
</div>
</div>
<hr class="footer"/>
<div class="footer">
<a class="reference" href="glep-0014.txt">View document source</a>.
Generated on: 2003-08-22 15:08 UTC.
Generated by <a class="reference" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
</div>
</body>
</html>
