summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichał Górny <mgorny@gentoo.org>2017-10-30 17:28:34 +0100
committerMichał Górny <mgorny@gentoo.org>2017-11-25 21:49:14 +0100
commit6e2ae17e67641b514b602365d61a16465ec9f9eb (patch)
tree36c0635ebfc6e2303ae86e674bb01380d7f30d87
parentglep-0074: Rewrite the file verificaton to cover OPTIONAL (diff)
downloadglep-6e2ae17e67641b514b602365d61a16465ec9f9eb.tar.gz
glep-6e2ae17e67641b514b602365d61a16465ec9f9eb.tar.bz2
glep-6e2ae17e67641b514b602365d61a16465ec9f9eb.zip
glep-0074: Reorganize to have tag references after basic algos
Reorganize so that file & timestamp verification come first, then tag references, then specialized algos and other informational sections. Rename 'new Manifest tags' to 'modern ...' since some of them are old.
-rw-r--r--glep-0074.rst48
1 files changed, 24 insertions, 24 deletions
diff --git a/glep-0074.rst b/glep-0074.rst
index d476ff3..a37ad34 100644
--- a/glep-0074.rst
+++ b/glep-0074.rst
@@ -163,8 +163,30 @@ reject any package or even the whole repository if it may refer to files
for which the verification failed.
-New Manifest tags
------------------
+Timestamp verification
+----------------------
+
+The Manifest file can contain a ``TIMESTAMP`` entry to account
+for attacks against tree update distribution. If such an entry
+is present, it should be updated every time at least one
+of the Manifests changes. Every unique timestamp value must correspond
+to a single tree state.
+
+During the verification process, the client should compare the timestamp
+against the update time obtained from a local clock or a trusted time
+source. If the comparison result indicates that the Manifest at the time
+of receiving was already significantly outdated, the client should
+either fail the verification or require manual confirmation from user.
+
+Furthermore, the Manifest provider may employ additional methods
+of distributing the timestamps of recently generated Manifests
+using a secure channel from a trusted source for exact comparison.
+The exact details of such a solution are outside the scope of this
+specification.
+
+
+Modern Manifest tags
+--------------------
The Manifest files can specify the following tags:
@@ -228,28 +250,6 @@ allowed at the package directory level:
to ``files/`` subdirectory.
-Timestamp verification
-----------------------
-
-The Manifest file can contain a ``TIMESTAMP`` entry to account
-for attacks against tree update distribution. If such an entry
-is present, it should be updated every time at least one
-of the Manifests changes. Every unique timestamp value must correspond
-to a single tree state.
-
-During the verification process, the client should compare the timestamp
-against the update time obtained from a local clock or a trusted time
-source. If the comparison result indicates that the Manifest at the time
-of receiving was already significantly outdated, the client should
-either fail the verification or require manual confirmation from user.
-
-Furthermore, the Manifest provider may employ additional methods
-of distributing the timestamps of recently generated Manifests
-using a secure channel from a trusted source for exact comparison.
-The exact details of such a solution are outside the scope of this
-specification.
-
-
Algorithm for full-tree verification
------------------------------------