summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--users/robbat2/tree-signing-gleps/01-distribution-process-security8
1 files changed, 6 insertions, 2 deletions
diff --git a/users/robbat2/tree-signing-gleps/01-distribution-process-security b/users/robbat2/tree-signing-gleps/01-distribution-process-security
index 962b5afc8e..ee9ca05426 100644
--- a/users/robbat2/tree-signing-gleps/01-distribution-process-security
+++ b/users/robbat2/tree-signing-gleps/01-distribution-process-security
@@ -1,7 +1,7 @@
GLEP: xx+1
Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
-Version: $Revision: 1.9 $
-Last-Modified: $Date: 2008/07/01 07:03:50 $
+Version: $Revision: 1.10 $
+Last-Modified: $Date: 2008/07/01 07:04:31 $
Author: Robin Hugh Johnson <robbat2@gentoo.org>,
Status: Draft
Type: Standards Track
@@ -87,11 +87,15 @@ Procedure for creating the MetaManifest file:
files from it (presently: AUX, MISC, EBUILD; but should follow the
evolution of Manifest2 entry types per [GLEPxx+5]), and place them
into the COVERED set.
+
4. Produce a new set, UNCOVERED, as the set-difference (ALL)-(COVERED).
This is every item that is not covered by another Manifest.
+
5. If an existing MetaManifest file is present, remove it.
+
6. For each file in UNCOVERED, assign a Manifest2 type, produce the
hashes, and add with the filetype to the MetaManifest file.
+
7. The MetaManifest must ultimately be GnuPG-signed.
7.1. For the initial implementation, the same key as used for snapshot
tarball signing is sufficient.