proto-GLEPS for Tree-signing, take 2
 

So I'm not going to directly attach the GLEPs again this time, however
I am just going to link to them, and summarize the changes:

xx+1:
- Add mention of how to defeat the mirror replay attacks from Stork@UArizona.
- Clarify wording of the UNCOVERED=ALL-COVERED set math, and why it's
important (genone)
- Add a timestamp to the metamanifest.
- Mention that it can be implemented without the new Manifest2
filetypes.

xx+5:
- Update the exclusion lists.
- Exclusion list behavior during strict validation.
- Fix typos.

prototype/generate-metamanifest.py:
- Prototype of the MetaManifest generation.
- Doesn't sign yet, but does include the timestamp.
- Uses existing Manifest2 types.
- See header for existing runtime info - it's quite fast.

http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/

I'd like to ask for any comments to be in to me by July 14th 23:59UTC.
After that I'd like to post the GLEPs to the gentoo-dev mailing list.

--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : robbat2@gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85

proto-GLEPS for Tree-signing, take 2
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robin H. Johnson wrote:
> prototype/generate-metamanifest.py:
> - Prototype of the MetaManifest generation.
> - Doesn't sign yet, but does include the timestamp.
> - Uses existing Manifest2 types.
> - See header for existing runtime info - it's quite fast.

I used generate-metamanifest.py to generate a MetaManifest and wrote
this patch to verify it:

http://dev.gentoo.org/~zmedico/portage/branches/2.2/patches/verify-metamanifest.patch

Zac
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkh6B5UACgkQ/ejvha5XGaMFWACglFNHR6LmgqOaMixmYC5Mnbvn
LlcAn1+xzhzd/6XNRqC62ngHhzxox4vU
=mqun
-----END PGP SIGNATURE-----
--
gentoo-portage-dev@lists.gentoo.org mailing list