commit: f98cabc0c30dc18f5b602865eb8e84abf429ba8d Author: Michał Górny <mgorny <AT> gentoo <DOT> org> AuthorDate: Mon Oct 30 16:28:34 2017 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Mon Oct 30 16:29:26 2017 +0000 URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=f98cabc0
glep-0074: Reorganize to have tag references after basic algos Reorganize so that file & timestamp verification come first, then tag references, then specialized algos and other informational sections. Rename 'new Manifest tags' to 'modern ...' since some of them are old. glep-0074.rst | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/glep-0074.rst b/glep-0074.rst index d476ff3..a37ad34 100644 --- a/glep-0074.rst +++ b/glep-0074.rst @@ -163,8 +163,30 @@ reject any package or even the whole repository if it may refer to files for which the verification failed. -New Manifest tags ------------------ +Timestamp verification +---------------------- + +The Manifest file can contain a ``TIMESTAMP`` entry to account +for attacks against tree update distribution. If such an entry +is present, it should be updated every time at least one +of the Manifests changes. Every unique timestamp value must correspond +to a single tree state. + +During the verification process, the client should compare the timestamp +against the update time obtained from a local clock or a trusted time +source. If the comparison result indicates that the Manifest at the time +of receiving was already significantly outdated, the client should +either fail the verification or require manual confirmation from user. + +Furthermore, the Manifest provider may employ additional methods +of distributing the timestamps of recently generated Manifests +using a secure channel from a trusted source for exact comparison. +The exact details of such a solution are outside the scope of this +specification. + + +Modern Manifest tags +-------------------- The Manifest files can specify the following tags: @@ -228,28 +250,6 @@ allowed at the package directory level: to ``files/`` subdirectory. -Timestamp verification ----------------------- - -The Manifest file can contain a ``TIMESTAMP`` entry to account -for attacks against tree update distribution. If such an entry -is present, it should be updated every time at least one -of the Manifests changes. Every unique timestamp value must correspond -to a single tree state. - -During the verification process, the client should compare the timestamp -against the update time obtained from a local clock or a trusted time -source. If the comparison result indicates that the Manifest at the time -of receiving was already significantly outdated, the client should -either fail the verification or require manual confirmation from user. - -Furthermore, the Manifest provider may employ additional methods -of distributing the timestamps of recently generated Manifests -using a secure channel from a trusted source for exact comparison. -The exact details of such a solution are outside the scope of this -specification. - - Algorithm for full-tree verification ------------------------------------
