Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Robin H. Johnson (robbat2)" <robbat2@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in users/robbat2/tree-signing-gleps: 00-proposal-overview 01-distribution-process-security 02-developer-process-security 03-gnupg-policies-and-handling 04-manifest2-hashes 05-manifest2-clarifications
Date: Wed, 28 Nov 2007 04:37:04
Message-Id: E1IxEfJ-0004Ja-Kb@stork.gentoo.org
1 robbat2 07/11/28 04:36:49
2
3 Modified: 00-proposal-overview
4 01-distribution-process-security
5 02-developer-process-security
6 03-gnupg-policies-and-handling 04-manifest2-hashes
7 05-manifest2-clarifications
8 Log:
9 Clean up thanks section and headers.
10
11 Revision Changes Path
12 1.5 users/robbat2/tree-signing-gleps/00-proposal-overview
13
14 file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.5&view=markup
15 plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.5&content-type=text/plain
16 diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?r1=1.4&r2=1.5
17
18 Index: 00-proposal-overview
19 ===================================================================
20 RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview,v
21 retrieving revision 1.4
22 retrieving revision 1.5
23 diff -u -r1.4 -r1.5
24 --- 00-proposal-overview 28 Nov 2007 00:25:36 -0000 1.4
25 +++ 00-proposal-overview 28 Nov 2007 04:36:48 -0000 1.5
26 @@ -1,14 +1,14 @@
27 GLEP: xx
28 Title: Security of distribution of Gentoo software - Overview
29 -Version: $Revision: 1.4 $
30 -Last-Modified: $Date: 2007/11/28 00:25:36 $
31 +Version: $Revision: 1.5 $
32 +Last-Modified: $Date: 2007/11/28 04:36:48 $
33 Author: Robin Hugh Johnson <robbat2@g.o>,
34 Patrick Lauer <patrick@g.o>,
35 Status: Draft
36 Type: Informational
37 Content-Type: text/plain
38 Created: November 2005
39 -Updated: May 2006, October 2006
40 +Updated: May 2006, October 2006, Novemeber 2007
41 Post-History: ...
42
43 Abstract
44 @@ -277,8 +277,8 @@
45
46 Thanks
47 ======
48 -I'd like to thank Patrick Lauer <patrick@g.o> for prodding me to
49 -keep working on the tree-signing project, as well helping with spelling,
50 +I'd like to thank Patrick Lauer (patrick) for prodding me to keep
51 +working on the tree-signing project, as well helping with spelling,
52 grammar, research (esp. tracking down every possible vulnerability that
53 has been mentioned in past discussions, and integrating them in this
54 overview).
55
56
57
58 1.7 users/robbat2/tree-signing-gleps/01-distribution-process-security
59
60 file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?rev=1.7&view=markup
61 plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?rev=1.7&content-type=text/plain
62 diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?r1=1.6&r2=1.7
63
64 Index: 01-distribution-process-security
65 ===================================================================
66 RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security,v
67 retrieving revision 1.6
68 retrieving revision 1.7
69 diff -u -r1.6 -r1.7
70 --- 01-distribution-process-security 28 Nov 2007 04:30:03 -0000 1.6
71 +++ 01-distribution-process-security 28 Nov 2007 04:36:48 -0000 1.7
72 @@ -1,13 +1,14 @@
73 GLEP: xx+1
74 Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
75 -Version: $Revision: 1.6 $
76 -Last-Modified: $Date: 2007/11/28 04:30:03 $
77 +Version: $Revision: 1.7 $
78 +Last-Modified: $Date: 2007/11/28 04:36:48 $
79 Author: Robin Hugh Johnson <robbat2@g.o>,
80 Status: Draft
81 Type: Standards Track
82 Content-Type: text/plain
83 Requires: GLEP44, GLEPxx+5
84 Created: October 2006
85 +Updated: November 2007
86 Post-History: ...
87
88 Abstract
89 @@ -181,13 +182,13 @@
90 Thanks
91 ======
92 I'd like to thank the following people for input on this GLEP.
93 -Patrick Lauer <patrick@g.o> - Prodding me to get all of the
94 -tree-signing work finished, and helping to edit.
95 -Ciaran McCreesh <ciaranm@...> - Manifest2 implementation in paludis
96 -Brian Harring <ferring@×××××.com> - Manifest2 implementation in pkgcore
97 -Marius Mauch <genone@g.o> - Manifest2 implementation in portage
98 +- Patrick Lauer (patrick): Prodding me to get all of the tree-signing
99 + work finished, and helping to edit.
100 +- Ciaran McCreesh (ciaranm): Paludis Manifest2
101 +- Brian Harring (ferringb): PkgCore Manifest2
102 +- Marius Mauch (genone) & Zac Medico (zmedico): Portage Manifest2
103 TODO:
104 -Ned Ludd <solar@g.o> - Security concept review
105 +- Ned Ludd (solar) - Security concept review
106
107 Copyright
108 =========
109
110
111
112 1.3 users/robbat2/tree-signing-gleps/02-developer-process-security
113
114 file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/02-developer-process-security?rev=1.3&view=markup
115 plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/02-developer-process-security?rev=1.3&content-type=text/plain
116 diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/02-developer-process-security?r1=1.2&r2=1.3
117
118 Index: 02-developer-process-security
119 ===================================================================
120 RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/02-developer-process-security,v
121 retrieving revision 1.2
122 retrieving revision 1.3
123 diff -u -r1.2 -r1.3
124 --- 02-developer-process-security 28 Nov 2007 00:19:12 -0000 1.2
125 +++ 02-developer-process-security 28 Nov 2007 04:36:48 -0000 1.3
126 @@ -5,13 +5,14 @@
127
128 GLEP: xx+2
129 Title: Security of distribution of Gentoo software - Developer process security
130 -Version: $Revision: 1.2 $
131 -Last-Modified: $Date: 2007/11/28 00:19:12 $
132 +Version: $Revision: 1.3 $
133 +Last-Modified: $Date: 2007/11/28 04:36:48 $
134 Author: Robin Hugh Johnson <robbat2@g.o>,
135 Status: Draft
136 Type: Standards Track
137 Content-Type: text/plain
138 Created: October 2006
139 +Updated: November 2007
140 Post-History: ...
141
142 Abstract
143
144
145
146 1.3 users/robbat2/tree-signing-gleps/03-gnupg-policies-and-handling
147
148 file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/03-gnupg-policies-and-handling?rev=1.3&view=markup
149 plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/03-gnupg-policies-and-handling?rev=1.3&content-type=text/plain
150 diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/03-gnupg-policies-and-handling?r1=1.2&r2=1.3
151
152 Index: 03-gnupg-policies-and-handling
153 ===================================================================
154 RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/03-gnupg-policies-and-handling,v
155 retrieving revision 1.2
156 retrieving revision 1.3
157 diff -u -r1.2 -r1.3
158 --- 03-gnupg-policies-and-handling 28 Nov 2007 00:19:12 -0000 1.2
159 +++ 03-gnupg-policies-and-handling 28 Nov 2007 04:36:48 -0000 1.3
160 @@ -5,13 +5,14 @@
161
162 GLEP: xx+3
163 Title: Security of distribution of Gentoo software - Handling of GnuPG for developers and keymasters
164 -Version: $Revision: 1.2 $
165 -Last-Modified: $Date: 2007/11/28 00:19:12 $
166 +Version: $Revision: 1.3 $
167 +Last-Modified: $Date: 2007/11/28 04:36:48 $
168 Author: Robin Hugh Johnson <robbat2@g.o>,
169 Status: Draft
170 Type: Standards Track
171 Content-Type: text/plain
172 Created: October 2006
173 +Updated: November 2007
174 Post-History: ...
175
176 Abstract
177
178
179
180 1.4 users/robbat2/tree-signing-gleps/04-manifest2-hashes
181
182 file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/04-manifest2-hashes?rev=1.4&view=markup
183 plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/04-manifest2-hashes?rev=1.4&content-type=text/plain
184 diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/04-manifest2-hashes?r1=1.3&r2=1.4
185
186 Index: 04-manifest2-hashes
187 ===================================================================
188 RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/04-manifest2-hashes,v
189 retrieving revision 1.3
190 retrieving revision 1.4
191 diff -u -r1.3 -r1.4
192 --- 04-manifest2-hashes 28 Nov 2007 00:21:25 -0000 1.3
193 +++ 04-manifest2-hashes 28 Nov 2007 04:36:49 -0000 1.4
194 @@ -1,13 +1,14 @@
195 GLEP: xx+4
196 Title: Manifest2 hash policies and security implications
197 -Version: $Revision: 1.3 $
198 -Last-Modified: $Date: 2007/11/28 00:21:25 $
199 +Version: $Revision: 1.4 $
200 +Last-Modified: $Date: 2007/11/28 04:36:49 $
201 Author: Robin Hugh Johnson <robbat2@g.o>,
202 Status: Draft
203 Type: Standards Track
204 Content-Type: text/plain
205 Requires: GLEP44
206 Created: October 2006
207 +Updated: November 2007
208 Post-History: ...
209 Updates: GLEP44
210
211 @@ -146,10 +147,11 @@
212 Thanks to
213 =========
214 I'd like to thank the following folks, in no specific order:
215 -Ciaran McCreesh (ciaranm) - for pointing out the Joux (2004) paper, and
216 -being stubborn enough in not accepting a partial solution.
217 -Zac Medico (zmedico) and Brian Harring (ferringb) - for being
218 -knowledgeable about the present Manifest2 codebase.
219 +- Ciaran McCreesh (ciaranm) - for pointing out the Joux (2004) paper,
220 + and also being stubborn enough in not accepting a partial solution.
221 +- Marius Mauch (genone), Zac Medico (zmedico) and Brian Harring
222 + (ferringb): for being knowledgeable about the Portage Manifest2
223 + codebase.
224
225 Copyright
226 =========
227
228
229
230 1.3 users/robbat2/tree-signing-gleps/05-manifest2-clarifications
231
232 file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/05-manifest2-clarifications?rev=1.3&view=markup
233 plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/05-manifest2-clarifications?rev=1.3&content-type=text/plain
234 diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/05-manifest2-clarifications?r1=1.2&r2=1.3
235
236 Index: 05-manifest2-clarifications
237 ===================================================================
238 RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/05-manifest2-clarifications,v
239 retrieving revision 1.2
240 retrieving revision 1.3
241 diff -u -r1.2 -r1.3
242 --- 05-manifest2-clarifications 28 Nov 2007 04:29:20 -0000 1.2
243 +++ 05-manifest2-clarifications 28 Nov 2007 04:36:49 -0000 1.3
244 @@ -1,7 +1,7 @@
245 GLEP: xx+5
246 Title: Manifest2 filetypes
247 -Version: $Revision: 1.2 $
248 -Last-Modified: $Date: 2007/11/28 04:29:20 $
249 +Version: $Revision: 1.3 $
250 +Last-Modified: $Date: 2007/11/28 04:36:49 $
251 Author: Robin Hugh Johnson <robbat2@g.o>
252 Status: Draft
253 Type: Standards Track
254 @@ -129,6 +129,11 @@
255 The new entries may be included already in all Manifest files, as they
256 will be ignored by older Portage versions.
257
258 +Thanks to
259 +=========
260 +I'd like to thank the following people for input on this GLEP.
261 +- Marius Mauch (genone) & Zac Medico (zmedico): Portage Manifest2
262 +
263 References
264 ==========
265 [GLEP44] Mauch, M. (2005) GLEP44 - Manifest2 format.
266
267
268
269 --
270 gentoo-commits@g.o mailing list
Report Message
Find on MARC Find on Google Groups