--- xml/htdocs/proj/en/glep/glep-0058.html 2010/02/07 16:24:17 1.7 +++ xml/htdocs/proj/en/glep/glep-0058.html 2010/04/07 06:35:40 1.8 @@ -27,9 +27,9 @@ Title:Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest -Version:1.7 +Version:1.9 -Last-Modified:2010/01/31 07:53:30 +Last-Modified:2010/04/07 06:35:16 Author:Robin Hugh Johnson <robbat2 at gentoo.org>, @@ -179,8 +179,8 @@
  • For the initial implementation, the same key as used for snapshot tarball signing is sufficient.
  • For the future, the key used for fully automated signing by infra -should not be on the same keyring as developer keys. See [#GLEPxx+3 -for further notes].
  • +should not be on the same keyring as developer keys. See +[#GLEPxx+3] for further notes. @@ -252,6 +252,9 @@

    Notes:

    +
    +

    System Message: INFO/1 (glep-0058.txt, line 202); backlink

    +Duplicate implicit target name: "notes:".
    1. For initial implementations, it is acceptable to check EVERY item in the eclass and profiles directory, rather than tracking the exact @@ -345,19 +348,34 @@

    References

    -
    -
    [C08a] Cappos, J et al. (2008). "Package Management Security".
    -
    University of Arizona Technical Report TR08-02. Available online -from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf
    -
    [C08b] Cappos, J et al. (2008). "Attacks on Package Managers"
    -
    Available online at: -http://www.cs.arizona.edu/people/justin/packagemanagersecurity/
    -
    -
    -

    System Message: WARNING/2 (glep-0058.txt, line 307)

    -Definition list ends without a blank line; unexpected unindent.
    -

    [#GLEPxx+2] Future GLEP on Developer Process security. -[#GLEPxx+3] Future GLEP on GnuPG Policies and Handling.

    + + + + + +
    [C08a]Cappos, J et al. (2008). "Package Management Security". +University of Arizona Technical Report TR08-02. Available online +from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf
    + + + + + +
    [C08b]Cappos, J et al. (2008). "Attacks on Package Managers" +Available online at: +http://www.cs.arizona.edu/people/justin/packagemanagersecurity/
    + + + + + +
    [1]Future GLEP on Developer Process security.
    + + + + + +
    [2]Future GLEP on GnuPG Policies and Handling.