--- xml/htdocs/proj/en/glep/glep-0057.html 2010/02/07 16:24:17 1.6 +++ xml/htdocs/proj/en/glep/glep-0057.html 2010/04/07 21:56:59 1.7 @@ -27,9 +27,9 @@ Title:Security of distribution of Gentoo software - Overview -Version:1.4 +Version:1.6 -Last-Modified:2010/01/29 09:04:17 +Last-Modified:2010/04/07 21:34:24 Author:Robin Hugh Johnson <robbat2 at gentoo.org> @@ -169,10 +169,10 @@ mirrors (this includes both HTTP and rsync distribution). -

Both processes need their security improved. In [#GLEPxx+2] we will discuss +

Both processes need their security improved. In [GLEPxx2] we will discuss how to improve the security of the first process. The relatively speaking simpler process of file distribution will be described in -[#GLEP58]. Since it can be implemented without having to change the +[GLEP58]. Since it can be implemented without having to change the workflow and behaviour of developers we hope to get it done in a reasonably short timeframe.

@@ -211,7 +211,7 @@ fully authorized to provide materials for distribution. Partial protection can be gained by Portage and Infrastructure changes, but the real improvements needed are developer education and continued -vigilance. This is further discussed in [#GLEPxx+2].

+vigilance. This is further discussed in [GLEPxx2].

This security is still limited in scope - protection against compromised developers is very expensive, and even complex systems like peer review / multiple signatures can be broken by colluding developers. There are many @@ -224,7 +224,7 @@ that Gentoo infrastructure and the mirrors are not a weak point. This objective is actually much closer than it seems already - most of the work has been completed for other things!. This is further discussed in -[#GLEP58]. As this process has the most to gain in security, and the +[GLEP58]. As this process has the most to gain in security, and the most immediate impact, it should be implemented before or at the same time as any changes to process #1. Security at this layer is already available in the signed daily snapshots, but we can extend it to cover @@ -361,33 +361,55 @@

References

-
-
[C08a] Cappos, J et al. (2008). "Package Management Security".
-
University of Arizona Technical Report TR08-02. Available online -from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf
-
[C08b] Cappos, J et al. (2008). "Attacks on Package Managers"
-
Available online at: -http://www.cs.arizona.edu/people/justin/packagemanagersecurity/
-
-
-

System Message: WARNING/2 (glep-0057.txt, line 340)

-Definition list ends without a blank line; unexpected unindent.
-

[#GLEPxx+2] Future GLEP on Developer Process security. -[#GLEPxx+3] Future GLEP on GnuPG Policies and Handling.

+ + + + + +
[C08a]Cappos, J et al. (2008). "Package Management Security". +University of Arizona Technical Report TR08-02. Available online +from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf
+ + + + + +
[C08b]Cappos, J et al. (2008). "Attacks on Package Managers" +Available online at: +http://www.cs.arizona.edu/people/justin/packagemanagersecurity/
+ + + + + +
[GLEP58]Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest +http://www.gentoo.org/proj/en/glep/glep-0058.html
+ + + + + +
[GLEPxx2]Future GLEP on Developer Process security.
+ + + + + +
[GLEPxx3]Future GLEP on GnuPG Policies and Handling.