Gentoo Archives: gentoo-dev

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Tree-signing GLEPS review notes
Date: Sun, 31 Jan 2010 10:12:21
In Reply to: [gentoo-dev] Tree-signing GLEPs update by "Robin H. Johnson"

The GLEP numbering represents the order in which I wrote the GLEPs.  It
originally started off as just two very large GLEPs: the informational
GLEP and the changes GLEP. I split it out BECAUSE I realized that many
of the parts should stand on their own merits.

For anybody looking for a hand in reviewing these, I suggest tackling
them in the following order:

Phase 0, background:
GLEP57 - Security overview

Phase 1, isolated improvements to Manifest2:
GLEP59 - Manifest2 hashes
GLEP61 - Manifest2 compression

Phase 2, adding to Manifest2 infrastructure:
GLEP60 - Manifest2 filetypes

Phase 3, Infra->User security:
GLEP58 - MetaManifest

Phase 4, Dev->infra security:
I still need to write the following:
GLEPxx - Developer Process Security
GLEPxx - GnuPG Policies and Handling

Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@g.o
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85