So I'm not going to directly attach the GLEPs again this time, however
I am just going to link to them, and summarize the changes:
- Add mention of how to defeat the mirror replay attacks from Stork@UArizona.
- Clarify wording of the UNCOVERED=ALL-COVERED set math, and why it's
- Add a timestamp to the metamanifest.
- Mention that it can be implemented without the new Manifest2
- Update the exclusion lists.
- Exclusion list behavior during strict validation.
- Fix typos.
- Prototype of the MetaManifest generation.
- Doesn't sign yet, but does include the timestamp.
- Uses existing Manifest2 types.
- See header for existing runtime info - it's quite fast.
I'd like to ask for any comments to be in to me by July 14th 23:59UTC.
After that I'd like to post the GLEPs to the gentoo-dev mailing list.
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : email@example.com
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
07-13-2008, 02:48 PM
proto-GLEPS for Tree-signing, take 2
-----BEGIN PGP SIGNED MESSAGE-----
Robin H. Johnson wrote:
> - Prototype of the MetaManifest generation.
> - Doesn't sign yet, but does include the timestamp.
> - Uses existing Manifest2 types.
> - See header for existing runtime info - it's quite fast.
I used generate-metamanifest.py to generate a MetaManifest and wrote
this patch to verify it: