| 1 |
robbat2 08/10/28 07:45:07 |
| 2 |
|
| 3 |
Modified: glep-0057.txt |
| 4 |
Log: |
| 5 |
Fix references to other GLEPs in the series and headers. |
| 6 |
|
| 7 |
Revision Changes Path |
| 8 |
1.2 xml/htdocs/proj/en/glep/glep-0057.txt |
| 9 |
|
| 10 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0057.txt?rev=1.2&view=markup |
| 11 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0057.txt?rev=1.2&content-type=text/plain |
| 12 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0057.txt?r1=1.1&r2=1.2 |
| 13 |
|
| 14 |
Index: glep-0057.txt |
| 15 |
=================================================================== |
| 16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0057.txt,v |
| 17 |
retrieving revision 1.1 |
| 18 |
retrieving revision 1.2 |
| 19 |
diff -p -w -b -B -u -u -r1.1 -r1.2 |
| 20 |
--- glep-0057.txt 21 Oct 2008 23:30:47 -0000 1.1 |
| 21 |
+++ glep-0057.txt 28 Oct 2008 07:45:07 -0000 1.2 |
| 22 |
@@ -1,13 +1,14 @@ |
| 23 |
GLEP: 57 |
| 24 |
Title: Security of distribution of Gentoo software - Overview |
| 25 |
-Version: $Revision: 1.1 $ |
| 26 |
-Last-Modified: $Date: 2008/10/21 23:30:47 $ |
| 27 |
+Version: $Revision: 1.2 $ |
| 28 |
+Last-Modified: $Date: 2008/10/28 07:45:07 $ |
| 29 |
Author: Robin Hugh Johnson <robbat2@g.o> |
| 30 |
Status: Draft |
| 31 |
Type: Informational |
| 32 |
Content-Type: text/x-rst |
| 33 |
Created: November 2005 |
| 34 |
Updated: May 2006, October 2006, Novemeber 2007, June 2008, July 2008, October 2008 |
| 35 |
+Post-History: |
| 36 |
|
| 37 |
Abstract |
| 38 |
======== |
| 39 |
@@ -105,10 +106,10 @@ security needs to be implemented: |
| 40 |
- Tree and distfile distribution from Infrastructure to Users, via the |
| 41 |
mirrors (this includes both HTTP and rsync distribution). |
| 42 |
|
| 43 |
-Both processes need their security improved. In [GLEPxx+2] we will discuss |
| 44 |
+Both processes need their security improved. In [#GLEPxx+2] we will discuss |
| 45 |
how to improve the security of the first process. The relatively |
| 46 |
speaking simpler process of file distribution will be described in |
| 47 |
-[GLEPxx+1]. Since it can be implemented without having to change the |
| 48 |
+[#GLEP58]. Since it can be implemented without having to change the |
| 49 |
workflow and behaviour of developers we hope to get it done in a |
| 50 |
reasonably short timeframe. |
| 51 |
|
| 52 |
@@ -150,7 +151,7 @@ modifications to our development process |
| 53 |
fully authorized to provide materials for distribution. Partial |
| 54 |
protection can be gained by Portage and Infrastructure changes, but the |
| 55 |
real improvements needed are developer education and continued |
| 56 |
-vigilance. This is further discussed in [GLEPxx+2]. |
| 57 |
+vigilance. This is further discussed in [#GLEPxx+2]. |
| 58 |
|
| 59 |
This security is still limited in scope - protection against compromised |
| 60 |
developers is very expensive, and even complex systems like peer review |
| 61 |
@@ -165,7 +166,7 @@ cannot be complete (as the User may be a |
| 62 |
that Gentoo infrastructure and the mirrors are not a weak point. This |
| 63 |
objective is actually much closer than it seems already - most of the |
| 64 |
work has been completed for other things!. This is further discussed in |
| 65 |
-[GLEP58]. As this process has the most to gain in security, and the |
| 66 |
+[#GLEP58]. As this process has the most to gain in security, and the |
| 67 |
most immediate impact, it should be implemented before or at the same |
| 68 |
time as any changes to process #1. Security at this layer is already |
| 69 |
available in the signed daily snapshots, but we can extend it to cover |
Archives