diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2008-10-22 00:33:30 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2008-10-22 00:33:30 +0000 |
commit | 91a37ee9e0aecb1fae1dea583939ac7806651069 (patch) | |
tree | 02d43d96988d14e7e9dd3926cb8138c6cd497f42 /users | |
parent | Fix typo I spotted while reading the devmail howto. no content change. (diff) | |
download | gentoo-91a37ee9e0aecb1fae1dea583939ac7806651069.tar.gz gentoo-91a37ee9e0aecb1fae1dea583939ac7806651069.tar.bz2 gentoo-91a37ee9e0aecb1fae1dea583939ac7806651069.zip |
Fix RST for validation.
Diffstat (limited to 'users')
-rw-r--r-- | users/robbat2/tree-signing-gleps/00-proposal-overview | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/users/robbat2/tree-signing-gleps/00-proposal-overview b/users/robbat2/tree-signing-gleps/00-proposal-overview index af65bc6e39..6a3d6a2fe6 100644 --- a/users/robbat2/tree-signing-gleps/00-proposal-overview +++ b/users/robbat2/tree-signing-gleps/00-proposal-overview @@ -1,7 +1,7 @@ GLEP: xx Title: Security of distribution of Gentoo software - Overview -Version: $Revision: 1.13 $ -Last-Modified: $Date: 2008/10/09 23:23:12 $ +Version: $Revision: 1.14 $ +Last-Modified: $Date: 2008/10/22 00:33:30 $ Author: Robin Hugh Johnson <robbat2@gentoo.org> Status: Draft Type: Informational @@ -42,6 +42,7 @@ Gentoo's software distribution system as it presently stands, contains a number of security shortcomings. The last discussion on the gentoo-dev mailing list [http://thread.gmane.org/gmane.linux.gentoo.devel/38363] contains a good overview of most of the issues. Summarized here: + 1. Unverifiable executable code distributed: The most obvious instance are eclasses, but there are many other bits of the tree that are not signed at all right now. Modifying that data @@ -65,6 +66,7 @@ previous shortcomings. System Elements --------------- There are a few entities to be considered: + - Upstream. The people who provide the program(s) or data we wish to distribute. - Gentoo Developers. The people that package and test the things @@ -99,6 +101,7 @@ Processes --------- There are two major processes in the distribution of Gentoo, where security needs to be implemented: + 1. Developer commits to version control systems controlled by Infrastructure. 2. Tree and distfile distribution from Infrastructure to Users, via the @@ -325,7 +328,6 @@ spelling, grammar, research (esp. tracking down every possible vulnerability that has been mentioned in past discussions, and integrating them in this overview). -========== References ========== |