| 1 |
robbat2 08/07/01 07:09:56 |
| 2 |
|
| 3 |
Modified: 01-distribution-process-security |
| 4 |
Log: |
| 5 |
Convert verification item 3.5 to a note about initial implementation only. |
| 6 |
|
| 7 |
Revision Changes Path |
| 8 |
1.13 users/robbat2/tree-signing-gleps/01-distribution-process-security |
| 9 |
|
| 10 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?rev=1.13&view=markup |
| 11 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?rev=1.13&content-type=text/plain |
| 12 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?r1=1.12&r2=1.13 |
| 13 |
|
| 14 |
Index: 01-distribution-process-security |
| 15 |
=================================================================== |
| 16 |
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security,v |
| 17 |
retrieving revision 1.12 |
| 18 |
retrieving revision 1.13 |
| 19 |
diff -p -w -b -B -u -u -r1.12 -r1.13 |
| 20 |
--- 01-distribution-process-security 1 Jul 2008 07:08:20 -0000 1.12 |
| 21 |
+++ 01-distribution-process-security 1 Jul 2008 07:09:56 -0000 1.13 |
| 22 |
@@ -1,7 +1,7 @@ |
| 23 |
GLEP: xx+1 |
| 24 |
Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest |
| 25 |
-Version: $Revision: 1.12 $ |
| 26 |
-Last-Modified: $Date: 2008/07/01 07:08:20 $ |
| 27 |
+Version: $Revision: 1.13 $ |
| 28 |
+Last-Modified: $Date: 2008/07/01 07:09:56 $ |
| 29 |
Author: Robin Hugh Johnson <robbat2@g.o>, |
| 30 |
Status: Draft |
| 31 |
Type: Standards Track |
| 32 |
@@ -161,19 +161,19 @@ filetypes may be ignored on missing is d |
| 33 |
3.3. M2-verifying the contents of the Manifest. |
| 34 |
3.4. Perform M2-verification of all eclasses and profiles used (both |
| 35 |
directly and indirectly) by the ebuild. |
| 36 |
-3.5. For initial implementations, it is acceptable to check EVERY item |
| 37 |
- in the eclass and profiles directory, rather than tracking the |
| 38 |
- exact files used by every eclass (see note #1). Later |
| 39 |
- implementations should strive to only verify individual eclasses |
| 40 |
- and profiles as needed. |
| 41 |
|
| 42 |
Notes: |
| 43 |
====== |
| 44 |
-1. Tracking of exact files is of specific significance to the libtool |
| 45 |
-eclass, as it stores patches under eclass/ELT-patches, and as such that |
| 46 |
-would not be picked up by any tracing of the inherit function. This may |
| 47 |
-be alleviated by a later eclass and ebuild variable that explicitly |
| 48 |
-declares what files from the tree are used by a package. |
| 49 |
+1. For initial implementations, it is acceptable to check EVERY item in |
| 50 |
+ the eclass and profiles directory, rather than tracking the exact |
| 51 |
+ files used by every eclass (see note #2). Later implementations |
| 52 |
+ should strive to only verify individual eclasses and profiles as |
| 53 |
+ needed. |
| 54 |
+2. Tracking of exact files is of specific significance to the libtool |
| 55 |
+ eclass, as it stores patches under eclass/ELT-patches, and as such |
| 56 |
+ that would not be picked up by any tracing of the inherit function. |
| 57 |
+ This may be alleviated by a later eclass and ebuild variable that |
| 58 |
+ explicitly declares what files from the tree are used by a package. |
| 59 |
|
| 60 |
==================== |
| 61 |
Implementation Notes |
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
-- |
| 66 |
gentoo-commits@l.g.o mailing list |
Archives