Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Gentoo Development (http://www.linux-archive.org/gentoo-development/)
-   -   Tree-signing GLEPS review notes (http://www.linux-archive.org/gentoo-development/317865-tree-signing-gleps-review-notes.html)

"Robin H. Johnson" 01-31-2010 09:11 AM

Tree-signing GLEPS review notes
 
The GLEP numbering represents the order in which I wrote the GLEPs. It
originally started off as just two very large GLEPs. The informational
GLEP and the changes GLEP. I split it out BECAUSE I realized that many
of the parts should stand on their own merits.

For anybody looking for a hand in reviewing these, I suggest tackling
them in the following order:

Phase 0, background:
--------------------
GLEP57 - Security overview

Phase 1, isolated improvements to Manifest2:
--------------------------------------------
GLEP59 - Manifest2 hashes
GLEP61 - Manifest2 compression

Phase 2, adding to Manifest2 infrastructure:
--------------------------------------------
GLEP60 - Manifest2 filetypes

Phase 3, Infra->User security:
------------------------------
GLEP58 - MetaManifest

Phase 4, Dev->infra security:
-----------------------------
I still need to write the following:
GLEPxx - Developer Process Security
GLEPxx - GnuPG Policies and Handling

--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2@gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85


All times are GMT. The time now is 05:09 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.