author Robin H. Johnson <robbat2@gentoo.org> 2008-10-22 00:41:43 +0000
committer Robin H. Johnson <robbat2@gentoo.org> 2008-10-22 00:41:43 +0000
commit 161586b58d889eb3bfd9183b29d455c8a847d33f (patch)
tree 5e90921a9775b09bb9bf532d47be4efd2ca69e5e /users
parent Fix RST for validation. (diff)
Fix RST validation.
Diffstat (limited to 'users')
-rw-r--r-- users/robbat2/tree-signing-gleps/01-distribution-process-security | 86
1 files changed, 46 insertions, 40 deletions
diff --git a/users/robbat2/tree-signing-gleps/01-distribution-process-security b/users/robbat2/tree-signing-gleps/01-distribution-process-security
index 02818075f1..89ce788937 100644
--- a/users/robbat2/tree-signing-gleps/01-distribution-process-security
+++ b/users/robbat2/tree-signing-gleps/01-distribution-process-security
@@ -1,7 +1,7 @@
GLEP: xx+1
Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
-Version: $Revision: 1.24 $
-Last-Modified: $Date: 2008/10/09 23:23:12 $
+Version: $Revision: 1.25 $
+Last-Modified: $Date: 2008/10/22 00:41:43 $
Author: Robin Hugh Johnson <robbat2@gentoo.org>,
Status: Draft
Type: Standards Track
@@ -79,19 +79,21 @@ Procedure for creating the MetaManifest file:
this procedure applies to overlays as well).
2. Initialize two unordered sets: COVERED, ALL.
-2.1. 'ALL' will contain every file in the tree.
-2.2. 'COVERED' will contain every file that is mentioned in an existing
- Manifest2.
+
+ 1. 'ALL' will contain every file in the tree.
+ 2. 'COVERED' will contain every file that is mentioned in an existing
+ Manifest2.
3. Traverse the tree, depth-first.
-3.1. At the top level only, ignore the following directories: distfiles,
- packages, local
-3.2. If a directory contains a Manifest file, extract all relevant local
- files from it (presently: AUX, MISC, EBUILD; but should follow the
- evolution of Manifest2 entry types per [GLEPxx+5]), and place them
- into the COVERED set.
-3.3. Recursively add every file in the directory to the ALL set,
- pursusant to the exclusion list as mentioned in [GLEPxx+5].
+
+ 1. At the top level only, ignore the following directories: distfiles,
+ packages, local
+ 2. If a directory contains a Manifest file, extract all relevant local
+ files from it (presently: AUX, MISC, EBUILD; but should follow the
+ evolution of Manifest2 entry types per [GLEPxx+5]), and place them
+ into the COVERED set.
+ 3. Recursively add every file in the directory to the ALL set,
+ pursusant to the exclusion list as mentioned in [GLEPxx+5].
4. Produce a new set, UNCOVERED, as the set-difference (ALL)-(COVERED).
This is every item that is not covered by another Manifest, or part
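Review bot: the typo "pursusant" in the last nested item of step 3 ("pursusant to the exclusion list as mentioned in [GLEPxx+5]") is carried over unchanged into the re-indented line; since that line is already being rewritten, change it to "pursuant". The blank line inserted before each nested enumerated list is what RST needs to open a nested list, so the structural change itself is correct.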
@@ -112,11 +114,12 @@ Procedure for creating the MetaManifest file:
The package manager MUST not use the identifying string as a filename.
8. The MetaManifest must ultimately be GnuPG-signed.
-8.1. For the initial implementation, the same key as used for snapshot
- tarball signing is sufficient.
-8.2. For the future, the key used for fully automated signing by infra
- should not be on the same keyring as developer keys. See [GLEPxx+3
- for further notes].
+
+ 1. For the initial implementation, the same key as used for snapshot
+ tarball signing is sufficient.
+ 2. For the future, the key used for fully automated signing by infra
+ should not be on the same keyring as developer keys. See [GLEPxx+3
+ for further notes].
The above does not conflict the proposal contained in GLEP33, which
restructure eclasses to include subdirectories and Manifest files, as
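Review bot: the reference bracket is misplaced in the second nested item of step 8: "See [GLEPxx+3 for further notes]." should read "See [GLEPxx+3] for further notes." since the reference target is GLEPxx+3 alone, and the line is being rewritten here anyway. In the unchanged context of this hunk, "The package manager MUST not use" should be "MUST NOT" if RFC 2119 keywords are intended, and "does not conflict the proposal" wants "does not conflict with the proposal".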
@@ -154,32 +157,34 @@ filetypes may be ignored on missing is discussed in [GLEPxx+5].
1. Check the GnuPG signature on the MetaManifest against the keyring of
automated Gentoo keys. See [GLEPxx+3] for full details regarding
verification of GnuPG signatures.
-1.1. Abort if the signature check fails.
+ 1. Abort if the signature check fails.
2. Check the Timestamp header. If it is significently out of date
compared to the local clock or a trusted source, halt or require
manual intervention from the user.
3. For a verification of the tree following an rsync:
-3.1. Build a set 'ALL' of every file covered by the rsync. (exclude
- distfiles/, packages/, local/)
-3.2. M2-verify every entry in the MetaManifest, descending into inferior
- Manifests as needed. Place the relative path of every checked item
- into a set 'COVERED'.
-3.3. Construct the set 'UNCOVERED' by set-difference between the ALL and
- COVERED sets.
-3.4. For each file in the UNCOVERED set, assign a Manifest2 filetype.
-3.5. If the filetype for any file in the UNCOVERED set requires a halt
- on error, abort and display a suitable error.
-3.6. Completed verification
+
+ 1. Build a set 'ALL' of every file covered by the rsync. (exclude
+ distfiles/, packages/, local/)
+ 2. M2-verify every entry in the MetaManifest, descending into inferior
+ Manifests as needed. Place the relative path of every checked item
+ into a set 'COVERED'.
+ 3. Construct the set 'UNCOVERED' by set-difference between the ALL and
+ COVERED sets.
+ 4. For each file in the UNCOVERED set, assign a Manifest2 filetype.
+ 5. If the filetype for any file in the UNCOVERED set requires a halt
+ on error, abort and display a suitable error.
+ 6. Completed verification
4. If checking at the installation of a package:
-4.1. M2-verify the entry in MetaManifest for the Manifest
-4.2. M2-verify all relevant metadata/ contents if metadata/ is being
- used in any way (optionally done before dependancy checking).
-4.3. M2-verifying the contents of the Manifest.
-4.4. Perform M2-verification of all eclasses and profiles used (both
- directly and indirectly) by the ebuild.
+
+ 1. M2-verify the entry in MetaManifest for the Manifest
+ 2. M2-verify all relevant metadata/ contents if metadata/ is being
+ used in any way (optionally done before dependancy checking).
+ 3. M2-verifying the contents of the Manifest.
+ 4. Perform M2-verification of all eclasses and profiles used (both
+ directly and indirectly) by the ebuild.
Notes:
======
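Review bot: two wording problems in the rewritten lines: "dependancy" in step 4, item 2 should be "dependency", and "M2-verifying the contents of the Manifest." in item 3 breaks the imperative parallelism of its neighbours ("M2-verify the entry ...", "Perform M2-verification ..."); use "M2-verify the contents of the Manifest." Step 3, item 6 ("Completed verification") reads as a fragment and would be clearer as "Verification is complete." In the unchanged context, "significently" in step 2 should be "significantly".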
@@ -261,6 +266,7 @@ Backwards Compatibility
Thanks
======
I'd like to thank the following people for input on this GLEP.
+
- Patrick Lauer (patrick): Prodding me to get all of the tree-signing
work finished, and helping to edit.
- Ciaran McCreesh (ciaranm): Paludis Manifest2
@@ -273,11 +279,11 @@ References
==========
[C08a] Cappos, J et al. (2008). "Package Management Security".
- University of Arizona Technical Report TR08-02. Available online
- from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf
+ University of Arizona Technical Report TR08-02. Available online
+ from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf
[C08b] Cappos, J et al. (2008). "Attacks on Package Managers"
- Available online at:
- http://www.cs.arizona.edu/people/justin/packagemanagersecurity/
+ Available online at:
+ http://www.cs.arizona.edu/people/justin/packagemanagersecurity/
=========
Copyright
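Review bot: the re-indentation is fine, but the two entries stay inconsistent: [C08a] closes its title with a period and says "Available online from:", while [C08b] has no period after "Attacks on Package Managers" and says "Available online at:"; pick one form for both while these lines are being touched.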