From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 699A615808B for ; Fri, 15 Apr 2022 04:27:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C1154E089C; Fri, 15 Apr 2022 04:27:39 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D60EAE089C for ; Fri, 15 Apr 2022 04:27:37 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 08F9D3416DF for ; Fri, 15 Apr 2022 04:27:36 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 9821A250 for ; Fri, 15 Apr 2022 04:27:34 +0000 (UTC) From: "Robin H. Johnson" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Robin H. Johnson" Message-ID: <1649996838.8e672d599f941ccb56afbd06f011b2142d0a01c7.robbat2@gentoo> Subject: [gentoo-commits] data/glep:master commit in: / X-VCS-Repository: data/glep X-VCS-Files: glep-0057.rst X-VCS-Directories: / X-VCS-Committer: robbat2 X-VCS-Committer-Name: Robin H. Johnson X-VCS-Revision: 8e672d599f941ccb56afbd06f011b2142d0a01c7 X-VCS-Branch: master Date: Fri, 15 Apr 2022 04:27:34 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: aa534301-04db-4145-a721-031374afad7f X-Archives-Hash: e57dee68ade3f41f7ca5ef439c698f7d commit: 8e672d599f941ccb56afbd06f011b2142d0a01c7 Author: Robin H. Johnson gentoo org> AuthorDate: Fri Apr 15 04:27:18 2022 +0000 Commit: Robin H. Johnson gentoo org> CommitDate: Fri Apr 15 04:27:18 2022 +0000 URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=8e672d59 glep-0057: update bibiographic data Signed-off-by: Robin H. Johnson gentoo.org> Closes: https://bugs.gentoo.org/699934 glep-0057.rst | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/glep-0057.rst b/glep-0057.rst index c4114e2..793d2d0 100644 --- a/glep-0057.rst +++ b/glep-0057.rst @@ -213,26 +213,51 @@ https://archives.gentoo.org/gentoo-dev/message/7062d6765b35406b4b8ed6b7c6e8fc28 2003-04, gentoo-security mailing list, "The state of ebuild signing in portage" - Joshua Brindle (method), the first suggestion of signed Manifests, but also an unusual key-trust model: +Message-ID unknown https://marc.info/?l=gentoo-security&m=105073449619892&w=2 2003-04, gentoo-core mailing list, "New Digests and Signing -- Attempted Explanation" +:: + Date: Wed, 2 Apr 2003 23:39:05 -0600 + From: Nick Jones + Message-ID: <20030402233905.A18948@twobit.net> 2003-06, gentoo-core mailing list, "A quick guide to GPG and key signing." - This overview was one of the first to help developers see how to use their devs, and was mainly intended for keysigning meetups. +:: + Date: Mon, 30 Jun 2003 14:32:09 +1000 (EST) + From: Troy Dack + Message-ID: <33220.203.10.231.229.1056947529.squirrel@tkdack.bpa.nu> 2003-08-09, gentoo-core mailing list, "Ebuild signing" - status query, with an not very positive response, delayed by Nick Jones (carpaski) getting rooted and a safe cleanup taking a long time to affect. +:: + Date: 06 Aug 2003 15:36:34 -0500 + From: Chris PeBenito + Message-Id: <1060202193.1532.42.camel@chris.pebenito.net> 2003-12-02, gentoo-core mailing list, "Report: rsync1.it.gentoo.org compromised" +:: + Date: Tue, 2 Dec 2003 20:25:57 +0100 + From: Andrea Barisani + Message-ID: <20031202192557.GA11676@sole.infis.univ.trieste.it> 2003-12-03, gentoo-core mailing list, "Signing of ebuilds" +:: + Date: Wed, 3 Dec 2003 11:15:09 +0100 + From: Hanno Böck + Message-Id: <20031203111509.6b2e414b.hanno@gentoo.org> 2003-12-07, gentoo-core mailing list, "gpg signing of Manifests", thread includes the first GnuPG signing prototype code, by Robin H. Johnson (robbat2). Andrew Cowie (rac) also produces a proof-of-concept around this time. +:: + Date: Sun, 7 Dec 2003 21:01:03 +0000 + From: Douglas Russell + Message-Id: <200312072101.08245.puggy@gentoo.org> 2004-03-23, gentoo-dev mailing list, "2004.1 will not include a secure portage" - Kurt Lieber (klieber). Signing is nowhere near ready for @@ -260,6 +285,10 @@ portage signing". Thierry Carrez (koon) suggests that more go into tree-signing work. Problems at the time later in the thread show that the upstream gpg-agent is not ready, amongst other minor implementation issues. +:: + Date: Mon, 17 Jan 2005 11:04:50 +0100 + From: Thierry Carrez + Message-ID: <41EB8DC2.6050003@gentoo.org> 2005-02-20, gentoo-dev mailing list, "post-LWE 2005" - Brian Harring (ferringb). A discussion on the ongoing lack of signing, and that @@ -272,12 +301,20 @@ https://marc.info/?l=gentoo-dev&m=110893886214157&w=2 Informal statistics show that 26% of packages in the tree include a signed Manifest. Questions are raised regarding key types, and key policies. +:: + Date: Tue, 8 Mar 2005 12:21:55 +0100 + From: Torsten Veller + Message-ID: <20050308113947.GA4dd7c.tv@veller.net> 2005-11-16, gentoo-core mailing list, "Gentoo key signing practices and official Gentoo keyring". A discussion of key handling and other outstanding issues, also mentioning partial Manifests, as well as a comparision between the signing procedures used in Slackware, Debian and RPM-based distros. +:: + Date: Wed, 16 Nov 2005 12:29:46 -0800 + From: "Robin H. Johnson" + Message-ID: <20051116202946.GA9658@curie-int.vc.shawcable.net> 2005-11-19, gentoo-portage-dev mailing list, "Manifest signing" - Robin H. Johnson (robbat2) follows up the previous -core posting, discussion @@ -313,6 +350,10 @@ https://archives.gentoo.org/gentoo-dev/message/b25efdb57f973e1f53b38eadc55de1ee 2007-11-30, portage-dev alias, "Manifest2 and Tree-signing" - Robin H. Johnson (robbat2). First review thread for these GLEPs, many suggestions from Marius Mauch (genone). +:: + Date: Fri, 30 Nov 2007 22:13:43 -0800 + From: "Robin H. Johnson" + Message-ID: <20071201061343.GG14557@curie-int.orbis-terrarum.net> 2008-04-03, gentoo-dev mailing list, "Re: Monthly Gentoo Council Reminder for April" - Ciaran McCreesh (ciaranm). A thread in which