1 |
robbat2 08/10/09 21:33:12 |
2 |
|
3 |
Modified: 01-distribution-process-security |
4 |
Log: |
5 |
Fix sentence structure. |
6 |
|
7 |
Revision Changes Path |
8 |
1.22 users/robbat2/tree-signing-gleps/01-distribution-process-security |
9 |
|
10 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?rev=1.22&view=markup |
11 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?rev=1.22&content-type=text/plain |
12 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?r1=1.21&r2=1.22 |
13 |
|
14 |
Index: 01-distribution-process-security |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security,v |
17 |
retrieving revision 1.21 |
18 |
retrieving revision 1.22 |
19 |
diff -p -w -b -B -u -u -r1.21 -r1.22 |
20 |
--- 01-distribution-process-security 9 Oct 2008 21:11:21 -0000 1.21 |
21 |
+++ 01-distribution-process-security 9 Oct 2008 21:33:11 -0000 1.22 |
22 |
@@ -1,7 +1,7 @@ |
23 |
GLEP: xx+1 |
24 |
Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest |
25 |
-Version: $Revision: 1.21 $ |
26 |
-Last-Modified: $Date: 2008/10/09 21:11:21 $ |
27 |
+Version: $Revision: 1.22 $ |
28 |
+Last-Modified: $Date: 2008/10/09 21:33:11 $ |
29 |
Author: Robin Hugh Johnson <robbat2@g.o>, |
30 |
Status: Draft |
31 |
Type: Standards Track |
32 |
@@ -52,8 +52,8 @@ No other guarantees, either implicit or |
33 |
|
34 |
Additionally, distributing a set of the most recent MetaManifests from a |
35 |
trusted source allows validation of trees that come from community |
36 |
-mirrors, and allows detection of malicious (either by deliberate delay, |
37 |
-replay [C08a, C08b] or alteration community mirrors. |
38 |
+mirrors, and allows detection of all cases of malicious mirrors (either |
39 |
+by deliberate delay, replay [C08a, C08b] or alteration). |
40 |
|
41 |
============= |
42 |
Specification |
43 |
@@ -228,7 +228,7 @@ for a recent timeframe (eg one week) sho |
44 |
"MetaManifest.$TS", where $TS is the timestamp from inside the file. |
45 |
The most recent MetaManifest should always be symlinked as |
46 |
MetaManifest.current. The possibility of serving the recent |
47 |
-MetaManifests via HTTPS should also be explored to mitigate MITM |
48 |
+MetaManifests via HTTPS should also be explored to mitigate MitM |
49 |
attacks. |
50 |
|
51 |
The package manager should obtain MetaManifest.current and use it to |