[gentoo-commits] data/glep:master commit in: /

["Ulrich Müller" <ulm@gentoo.org>]

commit:     1f24eec762d171cb6ff80e6995667ac1a39e713b
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 21 20:43:31 2017 +0000
Commit:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Tue Nov 21 20:43:31 2017 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=1f24eec7

glep-0057: Fix markup of bullet lists.

 glep-0057.rst | 59 ++++++++++++++++++++++++++++++-----------------------------
 1 file changed, 30 insertions(+), 29 deletions(-)

diff --git a/glep-0057.rst b/glep-0057.rst
index 812728e..17eda31 100644
--- a/glep-0057.rst
+++ b/glep-0057.rst
@@ -44,19 +44,19 @@ number of security shortcomings. The last discussion on the gentoo-dev
 mailing list [http://thread.gmane.org/gmane.linux.gentoo.devel/38363]
 contains a good overview of most of the issues. Summarized here:
 
- - Unverifiable executable code distributed:
-   The most obvious instance are eclasses, but there are many other bits
-   of the tree that are not signed at all right now. Modifying that data
-   is trivial.
- - Shortcomings of existing Manifest verification
-   A lack and enforcement of policies, combined with suboptimal support
-   in portage, makes it trivial to modify or replace the existing
-   Manifests. 
- - Vulnerability of existing infrastructure to attacks.
-   The previous two items make it possible for a skilled attacker to
-   design an attack and then execute it against specific portions of
-   existing infrastructure (e.g.: Compromise a country-local rsync
-   mirror, and totally replace a package and its Manifest).
+- Unverifiable executable code distributed:
+  The most obvious instance are eclasses, but there are many other bits
+  of the tree that are not signed at all right now. Modifying that data
+  is trivial.
+- Shortcomings of existing Manifest verification.
+  A lack and enforcement of policies, combined with suboptimal support
+  in portage, makes it trivial to modify or replace the existing
+  Manifests.
+- Vulnerability of existing infrastructure to attacks.
+  The previous two items make it possible for a skilled attacker to
+  design an attack and then execute it against specific portions of
+  existing infrastructure (e.g.: Compromise a country-local rsync
+  mirror, and totally replace a package and its Manifest).
 
 Specification
 =============
@@ -67,18 +67,19 @@ previous shortcomings.
 System Elements
 ---------------
 There are a few entities to be considered:
- - Upstream. The people who provide the program(s) or data we wish to
-   distribute.
- - Gentoo Developers. The people that package and test the things
-   provided by Upstream.
- - Gentoo Infrastructure. The people and hardware that allow the revision
-   control of metadata and distribution of the data and metadata provided
-   by Developers and Upstream.
- - Gentoo Mirrors. Hardware provided by external contributors that is not
-   or only marginally controlled by Gentoo Infrastructure. Needed to
-   achieve the scalability and performance needed for the substantial
-   Gentoo user base.
- - Gentoo Users. The people that use the Gentoo MetaDistribution.
+
+- Upstream. The people who provide the program(s) or data we wish to
+  distribute.
+- Gentoo Developers. The people that package and test the things
+  provided by Upstream.
+- Gentoo Infrastructure. The people and hardware that allow the revision
+  control of metadata and distribution of the data and metadata provided
+  by Developers and Upstream.
+- Gentoo Mirrors. Hardware provided by external contributors that is not
+  or only marginally controlled by Gentoo Infrastructure. Needed to
+  achieve the scalability and performance needed for the substantial
+  Gentoo user base.
+- Gentoo Users. The people that use the Gentoo MetaDistribution.
 
 The data described here is usually programs and data files provided by
 upstream; as this is a rather large amount of data it is usually
@@ -102,10 +103,10 @@ Processes
 There are two major processes in the distribution of Gentoo, where
 security needs to be implemented:
 
- - Developer commits to version control systems controlled by
-   Infrastructure.
- - Tree and distfile distribution from Infrastructure to Users, via the
-   mirrors (this includes both HTTP and rsync distribution).
+- Developer commits to version control systems controlled by
+  Infrastructure.
+- Tree and distfile distribution from Infrastructure to Users, via the
+  mirrors (this includes both HTTP and rsync distribution).
 
 Both processes need their security improved. In [GLEPxx2] we will discuss
 how to improve the security of the first process. The relatively