Gentoo Archives: gentoo-dev

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Tree Integrity GLEPS for final review and council approval
Date: Tue, 01 Dec 2009 01:09:57
In Reply to: Re: [gentoo-dev] Next council meeting on 7 Dec 2009 at 1900UTC by Antoni Grzymala
On Mon, Nov 30, 2009 at 12:30:51PM +0100, Antoni Grzymala wrote:
> I reckon that missing GPG infrastructure is one of the greatest problems
> of the Gentoo distribution esp. regarding serious corporate and academic
> deployments.
>
> I can devote some time to helping with the matter.
I would certainly like to get that GLEP series completed and out there.

There are still two GLEPs in the series that have not yet made it to draft status:

However the main content of GLEPS 58-61 IS ready for the council to approve, and are NOT blocking on the above two items.

As such, I would like to present GLEPS 58,59,60,61 for final review, and for the council to vote on their approval during the January meeting.

I'm going to summarize them here:

GLEP58: Security of distribution ... MetaManifest
-------------------------------------------------
- covers all Manifests with an infra-generated parent Manifest.
- required for end-to-end validation.
- prevents certain package manager attacks.
- NO day-to-day developer actions required.

GLEP59: Manifest2 hash policies and security implications
---------------------------------------------------------
- Add SHA512 to all Manifest files.
- Schedule removal of SHA1, MD5, RMD160 for 6-18 months after SHA512 addition.
- Be prepared to add the NIST hash contest candidates/winner.

GLEP60: Manifest2 filetypes
---------------------------
(Has one TODO that needs clarification).
- Breaks down the Manifest2 filetypes into INFOrmational and CRITical.
- If the package manager is being strict, then INFO filetypes are treated as CRIT filetypes.
- INFO filetypes merely cause a warning on absence.
- CRIT filetypes may trigger a delayed OR immediate failure of absence.

GLEP61: Manifest2 compression
-----------------------------
- Disk space optimization for MetaManifest from GLEP58.

There is a prototype of the MetaManifest code here:

It worked on Portage 2 years ago, but I haven't run it since then.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2@g.o
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
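
Added example, not part of the e-mail above and not Portage or GLEP code: a Python check that applies the GLEP59 and GLEP60 points summarized in the message to Manifest2-style lines (`TYPE name size HASH hex ...`). Assumptions: MISC is the only INFO filetype, every entry is resolved relative to one directory, SHA256 is accepted alongside SHA512, entries carrying only the hashes scheduled for removal are rejected, and a present file that fails verification is fatal for any filetype.

```python
import hashlib
import os
import tempfile

INFO_TYPES = {"MISC"}  # assumption: the e-mail does not say which filetypes are INFO
# Manifest name -> hashlib name, strongest first; MD5/SHA1/RMD160 are not accepted.
ACCEPTED = [("SHA512", "sha512"), ("SHA256", "sha256")]

def parse_manifest(text):
    """Yield (filetype, name, size, {HASH: hex}) from 'TYPE name size HASH hex ...' lines."""
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        if len(f) < 5 or len(f) % 2 == 0:
            raise ValueError(f"malformed Manifest line: {line!r}")
        yield f[0], f[1], int(f[2]), dict(zip(f[3::2], f[4::2]))

def check(root, text, strict=False):
    """Return (warnings, failures); assumes every entry is a path relative to root."""
    warnings, failures = [], []
    for ftype, name, size, hashes in parse_manifest(text):
        critical = strict or ftype not in INFO_TYPES  # strict: INFO is treated as CRIT
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            (failures if critical else warnings).append(f"{name}: missing")
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        algo = next((a for a in ACCEPTED if a[0] in hashes), None)
        if algo is None:
            failures.append(f"{name}: only deprecated hashes")
        # Assumption: a present file that fails verification is fatal for any filetype.
        elif len(data) != size or hashlib.new(algo[1], data).hexdigest() != hashes[algo[0]]:
            failures.append(f"{name}: size or {algo[0]} mismatch")
    return warnings, failures

def demo(strict=False):
    """Constructed sample: one good EBUILD, one MD5-only AUX, one absent MISC entry."""
    with tempfile.TemporaryDirectory() as root:
        body = b"EAPI=2\n"
        for name in ("foo-1.0.ebuild", "fix.patch"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        manifest = (
            f"EBUILD foo-1.0.ebuild {len(body)} SHA512 {hashlib.sha512(body).hexdigest()}\n"
            f"AUX fix.patch {len(body)} MD5 " + "0" * 32 + "\n"
            "MISC metadata.xml 10 SHA512 " + "0" * 128 + "\n"
        )
        return check(root, manifest, strict)
```

In the constructed sample the absent MISC entry is only a warning by default and becomes a failure when `strict=True`, while the MD5-only entry fails in both modes.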