[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    [gentoo-dev] Tree-signing GLEPS review notes
From:       "Robin H. Johnson" <robbat2 () gentoo ! org>
Date:       2010-01-31 10:11:52
Message-ID: robbat2-20100131T100444-075623426Z () orbis-terrarum ! net
[Download RAW message or body]


The GLEP numbering represents the order in which I wrote the GLEPs.  It
originally started off as just two very large GLEPs. The informational
GLEP and the changes GLEP. I split it out BECAUSE I realized that many
of the parts should stand on their own merits.

For anybody looking for a hand in reviewing these, I suggest tackling
them in the following order:

Phase 0, background:
--------------------
GLEP57 - Security overview

Phase 1, isolated improvements to Manifest2:
--------------------------------------------
GLEP59 - Manifest2 hashes
GLEP61 - Manifest2 compression

Phase 2, adding to Manifest2 infrastructure:
--------------------------------------------
GLEP60 - Manifest2 filetypes

Phase 3, Infra->User security:
------------------------------
GLEP58 - MetaManifest

Phase 4, Dev->infra security:
-----------------------------
I still need to write the following:
GLEPxx - Developer Process Security
GLEPxx - GnuPG Policies and Handling

--=20
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]