1 |
robbat2 07/11/28 04:36:49 |
2 |
|
3 |
Modified: 00-proposal-overview |
4 |
01-distribution-process-security |
5 |
02-developer-process-security |
6 |
03-gnupg-policies-and-handling 04-manifest2-hashes |
7 |
05-manifest2-clarifications |
8 |
Log: |
9 |
Clean up thanks section and headers. |
10 |
|
11 |
Revision Changes Path |
12 |
1.5 users/robbat2/tree-signing-gleps/00-proposal-overview |
13 |
|
14 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.5&view=markup |
15 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.5&content-type=text/plain |
16 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?r1=1.4&r2=1.5 |
17 |
|
18 |
Index: 00-proposal-overview |
19 |
=================================================================== |
20 |
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview,v |
21 |
retrieving revision 1.4 |
22 |
retrieving revision 1.5 |
23 |
diff -u -r1.4 -r1.5 |
24 |
--- 00-proposal-overview 28 Nov 2007 00:25:36 -0000 1.4 |
25 |
+++ 00-proposal-overview 28 Nov 2007 04:36:48 -0000 1.5 |
26 |
@@ -1,14 +1,14 @@ |
27 |
GLEP: xx |
28 |
Title: Security of distribution of Gentoo software - Overview |
29 |
-Version: $Revision: 1.4 $ |
30 |
-Last-Modified: $Date: 2007/11/28 00:25:36 $ |
31 |
+Version: $Revision: 1.5 $ |
32 |
+Last-Modified: $Date: 2007/11/28 04:36:48 $ |
33 |
Author: Robin Hugh Johnson <robbat2@g.o>, |
34 |
Patrick Lauer <patrick@g.o>, |
35 |
Status: Draft |
36 |
Type: Informational |
37 |
Content-Type: text/plain |
38 |
Created: November 2005 |
39 |
-Updated: May 2006, October 2006 |
40 |
+Updated: May 2006, October 2006, Novemeber 2007 |
41 |
Post-History: ... |
42 |
|
43 |
Abstract |
44 |
@@ -277,8 +277,8 @@ |
45 |
|
46 |
Thanks |
47 |
====== |
48 |
-I'd like to thank Patrick Lauer <patrick@g.o> for prodding me to |
49 |
-keep working on the tree-signing project, as well helping with spelling, |
50 |
+I'd like to thank Patrick Lauer (patrick) for prodding me to keep |
51 |
+working on the tree-signing project, as well helping with spelling, |
52 |
grammar, research (esp. tracking down every possible vulnerability that |
53 |
has been mentioned in past discussions, and integrating them in this |
54 |
overview). |
55 |
|
56 |
|
57 |
|
58 |
1.7 users/robbat2/tree-signing-gleps/01-distribution-process-security |
59 |
|
60 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?rev=1.7&view=markup |
61 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?rev=1.7&content-type=text/plain |
62 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?r1=1.6&r2=1.7 |
63 |
|
64 |
Index: 01-distribution-process-security |
65 |
=================================================================== |
66 |
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security,v |
67 |
retrieving revision 1.6 |
68 |
retrieving revision 1.7 |
69 |
diff -u -r1.6 -r1.7 |
70 |
--- 01-distribution-process-security 28 Nov 2007 04:30:03 -0000 1.6 |
71 |
+++ 01-distribution-process-security 28 Nov 2007 04:36:48 -0000 1.7 |
72 |
@@ -1,13 +1,14 @@ |
73 |
GLEP: xx+1 |
74 |
Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest |
75 |
-Version: $Revision: 1.6 $ |
76 |
-Last-Modified: $Date: 2007/11/28 04:30:03 $ |
77 |
+Version: $Revision: 1.7 $ |
78 |
+Last-Modified: $Date: 2007/11/28 04:36:48 $ |
79 |
Author: Robin Hugh Johnson <robbat2@g.o>, |
80 |
Status: Draft |
81 |
Type: Standards Track |
82 |
Content-Type: text/plain |
83 |
Requires: GLEP44, GLEPxx+5 |
84 |
Created: October 2006 |
85 |
+Updated: November 2007 |
86 |
Post-History: ... |
87 |
|
88 |
Abstract |
89 |
@@ -181,13 +182,13 @@ |
90 |
Thanks |
91 |
====== |
92 |
I'd like to thank the following people for input on this GLEP. |
93 |
-Patrick Lauer <patrick@g.o> - Prodding me to get all of the |
94 |
-tree-signing work finished, and helping to edit. |
95 |
-Ciaran McCreesh <ciaranm@...> - Manifest2 implementation in paludis |
96 |
-Brian Harring <ferring@×××××.com> - Manifest2 implementation in pkgcore |
97 |
-Marius Mauch <genone@g.o> - Manifest2 implementation in portage |
98 |
+- Patrick Lauer (patrick): Prodding me to get all of the tree-signing |
99 |
+ work finished, and helping to edit. |
100 |
+- Ciaran McCreesh (ciaranm): Paludis Manifest2 |
101 |
+- Brian Harring (ferringb): PkgCore Manifest2 |
102 |
+- Marius Mauch (genone) & Zac Medico (zmedico): Portage Manifest2 |
103 |
TODO: |
104 |
-Ned Ludd <solar@g.o> - Security concept review |
105 |
+- Ned Ludd (solar) - Security concept review |
106 |
|
107 |
Copyright |
108 |
========= |
109 |
|
110 |
|
111 |
|
112 |
1.3 users/robbat2/tree-signing-gleps/02-developer-process-security |
113 |
|
114 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/02-developer-process-security?rev=1.3&view=markup |
115 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/02-developer-process-security?rev=1.3&content-type=text/plain |
116 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/02-developer-process-security?r1=1.2&r2=1.3 |
117 |
|
118 |
Index: 02-developer-process-security |
119 |
=================================================================== |
120 |
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/02-developer-process-security,v |
121 |
retrieving revision 1.2 |
122 |
retrieving revision 1.3 |
123 |
diff -u -r1.2 -r1.3 |
124 |
--- 02-developer-process-security 28 Nov 2007 00:19:12 -0000 1.2 |
125 |
+++ 02-developer-process-security 28 Nov 2007 04:36:48 -0000 1.3 |
126 |
@@ -5,13 +5,14 @@ |
127 |
|
128 |
GLEP: xx+2 |
129 |
Title: Security of distribution of Gentoo software - Developer process security |
130 |
-Version: $Revision: 1.2 $ |
131 |
-Last-Modified: $Date: 2007/11/28 00:19:12 $ |
132 |
+Version: $Revision: 1.3 $ |
133 |
+Last-Modified: $Date: 2007/11/28 04:36:48 $ |
134 |
Author: Robin Hugh Johnson <robbat2@g.o>, |
135 |
Status: Draft |
136 |
Type: Standards Track |
137 |
Content-Type: text/plain |
138 |
Created: October 2006 |
139 |
+Updated: November 2007 |
140 |
Post-History: ... |
141 |
|
142 |
Abstract |
143 |
|
144 |
|
145 |
|
146 |
1.3 users/robbat2/tree-signing-gleps/03-gnupg-policies-and-handling |
147 |
|
148 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/03-gnupg-policies-and-handling?rev=1.3&view=markup |
149 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/03-gnupg-policies-and-handling?rev=1.3&content-type=text/plain |
150 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/03-gnupg-policies-and-handling?r1=1.2&r2=1.3 |
151 |
|
152 |
Index: 03-gnupg-policies-and-handling |
153 |
=================================================================== |
154 |
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/03-gnupg-policies-and-handling,v |
155 |
retrieving revision 1.2 |
156 |
retrieving revision 1.3 |
157 |
diff -u -r1.2 -r1.3 |
158 |
--- 03-gnupg-policies-and-handling 28 Nov 2007 00:19:12 -0000 1.2 |
159 |
+++ 03-gnupg-policies-and-handling 28 Nov 2007 04:36:48 -0000 1.3 |
160 |
@@ -5,13 +5,14 @@ |
161 |
|
162 |
GLEP: xx+3 |
163 |
Title: Security of distribution of Gentoo software - Handling of GnuPG for developers and keymasters |
164 |
-Version: $Revision: 1.2 $ |
165 |
-Last-Modified: $Date: 2007/11/28 00:19:12 $ |
166 |
+Version: $Revision: 1.3 $ |
167 |
+Last-Modified: $Date: 2007/11/28 04:36:48 $ |
168 |
Author: Robin Hugh Johnson <robbat2@g.o>, |
169 |
Status: Draft |
170 |
Type: Standards Track |
171 |
Content-Type: text/plain |
172 |
Created: October 2006 |
173 |
+Updated: November 2007 |
174 |
Post-History: ... |
175 |
|
176 |
Abstract |
177 |
|
178 |
|
179 |
|
180 |
1.4 users/robbat2/tree-signing-gleps/04-manifest2-hashes |
181 |
|
182 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/04-manifest2-hashes?rev=1.4&view=markup |
183 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/04-manifest2-hashes?rev=1.4&content-type=text/plain |
184 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/04-manifest2-hashes?r1=1.3&r2=1.4 |
185 |
|
186 |
Index: 04-manifest2-hashes |
187 |
=================================================================== |
188 |
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/04-manifest2-hashes,v |
189 |
retrieving revision 1.3 |
190 |
retrieving revision 1.4 |
191 |
diff -u -r1.3 -r1.4 |
192 |
--- 04-manifest2-hashes 28 Nov 2007 00:21:25 -0000 1.3 |
193 |
+++ 04-manifest2-hashes 28 Nov 2007 04:36:49 -0000 1.4 |
194 |
@@ -1,13 +1,14 @@ |
195 |
GLEP: xx+4 |
196 |
Title: Manifest2 hash policies and security implications |
197 |
-Version: $Revision: 1.3 $ |
198 |
-Last-Modified: $Date: 2007/11/28 00:21:25 $ |
199 |
+Version: $Revision: 1.4 $ |
200 |
+Last-Modified: $Date: 2007/11/28 04:36:49 $ |
201 |
Author: Robin Hugh Johnson <robbat2@g.o>, |
202 |
Status: Draft |
203 |
Type: Standards Track |
204 |
Content-Type: text/plain |
205 |
Requires: GLEP44 |
206 |
Created: October 2006 |
207 |
+Updated: November 2007 |
208 |
Post-History: ... |
209 |
Updates: GLEP44 |
210 |
|
211 |
@@ -146,10 +147,11 @@ |
212 |
Thanks to |
213 |
========= |
214 |
I'd like to thank the following folks, in no specific order: |
215 |
-Ciaran McCreesh (ciaranm) - for pointing out the Joux (2004) paper, and |
216 |
-being stubborn enough in not accepting a partial solution. |
217 |
-Zac Medico (zmedico) and Brian Harring (ferringb) - for being |
218 |
-knowledgeable about the present Manifest2 codebase. |
219 |
+- Ciaran McCreesh (ciaranm) - for pointing out the Joux (2004) paper, |
220 |
+ and also being stubborn enough in not accepting a partial solution. |
221 |
+- Marius Mauch (genone), Zac Medico (zmedico) and Brian Harring |
222 |
+ (ferringb): for being knowledgeable about the Portage Manifest2 |
223 |
+ codebase. |
224 |
|
225 |
Copyright |
226 |
========= |
227 |
|
228 |
|
229 |
|
230 |
1.3 users/robbat2/tree-signing-gleps/05-manifest2-clarifications |
231 |
|
232 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/05-manifest2-clarifications?rev=1.3&view=markup |
233 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/05-manifest2-clarifications?rev=1.3&content-type=text/plain |
234 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/05-manifest2-clarifications?r1=1.2&r2=1.3 |
235 |
|
236 |
Index: 05-manifest2-clarifications |
237 |
=================================================================== |
238 |
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/05-manifest2-clarifications,v |
239 |
retrieving revision 1.2 |
240 |
retrieving revision 1.3 |
241 |
diff -u -r1.2 -r1.3 |
242 |
--- 05-manifest2-clarifications 28 Nov 2007 04:29:20 -0000 1.2 |
243 |
+++ 05-manifest2-clarifications 28 Nov 2007 04:36:49 -0000 1.3 |
244 |
@@ -1,7 +1,7 @@ |
245 |
GLEP: xx+5 |
246 |
Title: Manifest2 filetypes |
247 |
-Version: $Revision: 1.2 $ |
248 |
-Last-Modified: $Date: 2007/11/28 04:29:20 $ |
249 |
+Version: $Revision: 1.3 $ |
250 |
+Last-Modified: $Date: 2007/11/28 04:36:49 $ |
251 |
Author: Robin Hugh Johnson <robbat2@g.o> |
252 |
Status: Draft |
253 |
Type: Standards Track |
254 |
@@ -129,6 +129,11 @@ |
255 |
The new entries may be included already in all Manifest files, as they |
256 |
will be ignored by older Portage versions. |
257 |
|
258 |
+Thanks to |
259 |
+========= |
260 |
+I'd like to thank the following people for input on this GLEP. |
261 |
+- Marius Mauch (genone) & Zac Medico (zmedico): Portage Manifest2 |
262 |
+ |
263 |
References |
264 |
========== |
265 |
[GLEP44] Mauch, M. (2005) GLEP44 - Manifest2 format. |
266 |
|
267 |
|
268 |
|
269 |
-- |
270 |
gentoo-commits@g.o mailing list |