-rw-r--r-- | users/robbat2/tree-signing-gleps/01-distribution-process-security | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/users/robbat2/tree-signing-gleps/01-distribution-process-security b/users/robbat2/tree-signing-gleps/01-distribution-process-security index 962b5afc8e..ee9ca05426 100644 --- a/users/robbat2/tree-signing-gleps/01-distribution-process-security +++ b/users/robbat2/tree-signing-gleps/01-distribution-process-security @@ -1,7 +1,7 @@ GLEP: xx+1 Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest -Version: $Revision: 1.9 $ -Last-Modified: $Date: 2008/07/01 07:03:50 $ +Version: $Revision: 1.10 $ +Last-Modified: $Date: 2008/07/01 07:04:31 $ Author: Robin Hugh Johnson <robbat2@gentoo.org>, Status: Draft Type: Standards Track @@ -87,11 +87,15 @@ Procedure for creating the MetaManifest file: files from it (presently: AUX, MISC, EBUILD; but should follow the evolution of Manifest2 entry types per [GLEPxx+5]), and place them into the COVERED set. + 4. Produce a new set, UNCOVERED, as the set-difference (ALL)-(COVERED). This is every item that is not covered by another Manifest. + 5. If an existing MetaManifest file is present, remove it. + 6. For each file in UNCOVERED, assign a Manifest2 type, produce the hashes, and add with the filetype to the MetaManifest file. + 7. The MetaManifest must ultimately be GnuPG-signed. 7.1. For the initial implementation, the same key as used for snapshot tarball signing is sufficient. |
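Review bot: In the second hunk (the MetaManifest creation procedure), blank lines are added only before steps 4, 5, 6 and 7. Steps 1 to 3 sit above the visible context, so confirm they are separated the same way, otherwise the numbered list is spaced unevenly. Since step 7 is being touched anyway, consider replacing "must ultimately be GnuPG-signed" with a statement of where in the procedure the signature is made, because "ultimately" leaves open whether an unsigned MetaManifest can ever be distributed.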