--- xml/htdocs/proj/en/glep/glep-0057.html 2008/10/28 07:47:52 1.3 +++ xml/htdocs/proj/en/glep/glep-0057.html 2010/01/13 03:28:33 1.4 @@ -4,7 +4,7 @@ - + GLEP 57 -- Security of distribution of Gentoo software - Overview @@ -27,9 +27,9 @@ Title:Security of distribution of Gentoo software - Overview -Version:1.2 +Version:1.3 -Last-Modified:2008/10/28 07:45:07 +Last-Modified:2010/01/13 03:26:53 Author:Robin Hugh Johnson <robbat2 at gentoo.org> @@ -41,9 +41,9 @@ Created:November 2005 -Updated:May 2006, October 2006, Novemeber 2007, June 2008, July 2008, October 2008 +Updated:May 2006, October 2006, November 2007, June 2008, July 2008, October 2008, January 2010 -Post-History: +Post-History:December 2009 @@ -109,8 +109,8 @@
  • Vulnerability of existing infrastructure to attacks. The previous two items make it possible for a skilled attacker to design an attack and then execute it against specific portions of -existing infrastructure (eg: Compromise a country-local rsync mirror, -and totally replace a package and it's Manifest).
  • +existing infrastructure (e.g.: Compromise a country-local rsync +mirror, and totally replace a package and it's Manifest). @@ -153,7 +153,7 @@ direct attacks against Upstream and Users are outside of the scope of this series of GLEPs as they are not in any way controlled or controllable by Gentoo - however attacks using Gentoo as a conduit -(including malicous mirrors) must be considered.

    +(including malicious mirrors) must be considered.

    Processes

    @@ -337,7 +337,7 @@

    2008-04-03, gentoo-dev mailing list, "Re: Monthly Gentoo Council Reminder for April" - Ciaran McCreesh (ciaranm). A thread in which Ciaran reminds everybody that simply making all the developers sign the -tree is not sufficent to prevent all attacks. +tree is not sufficient to prevent all attacks. [ http://thread.gmane.org/gmane.linux.gentoo.devel/55508/focus=55542 ]

    2008-07-01, gentoo-portage-dev mailing list, "proto-GLEPS for Tree-signing" - Robin H. Johnson (robbat2). Thread looking for review @@ -370,7 +370,7 @@
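Review bot: In the @@ -109,8 +109,8 @@ hunk, the rewrapped replacement line still reads "and totally replace a package and it's Manifest"; the possessive should be "its Manifest", and since both lines of that sentence are already being rewritten for the "eg:" fix, the correction belongs in the same change. The new "e.g.:" also keeps a trailing colon and a capitalised "Compromise" mid-sentence; "e.g. compromise a country-local rsync mirror" would read more cleanly. The remaining visible hunks are header bumps (Version 1.3, Last-Modified, Updated, Post-History) and spelling fixes ("November", "malicious", "sufficient") that are consistent with each other.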