public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-06-06 14:00 Ulrich Müller
  0 siblings, 0 replies; 14+ messages in thread
From: Ulrich Müller @ 2022-06-06 14:00 UTC (permalink / raw
  To: gentoo-commits

commit:     e451e59a64f18aa4419f225e8acb774cf9162394
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  6 13:58:54 2022 +0000
Commit:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Mon Jun  6 13:58:54 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=e451e59a

glep-0078: Update footer to CC-BY-SA-4.0

Acked-by: Michał Górny <mgorny <AT> gentoo.org>
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 glep-0078.rst | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index 82c74c8..92d4547 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -7,7 +7,7 @@ Type: Standards Track
 Status: Draft
 Version: 1
 Created: 2018-11-15
-Last-Modified: 2021-10-10
+Last-Modified: 2022-06-06
 Post-History: 2018-11-17, 2019-07-08, 2021-09-13, 2021-09-22, 2022-05-28
 Content-Type: text/x-rst
 ---
@@ -649,6 +649,7 @@ References
 
 Copyright
 =========
-This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
-Unported License. To view a copy of this license, visit
-https://creativecommons.org/licenses/by-sa/3.0/.
+
+This work is licensed under the Creative Commons Attribution-ShareAlike 4.0
+International License.  To view a copy of this license, visit
+https://creativecommons.org/licenses/by-sa/4.0/.


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-06-06 14:00 Ulrich Müller
  0 siblings, 0 replies; 14+ messages in thread
From: Ulrich Müller @ 2022-06-06 14:00 UTC (permalink / raw
  To: gentoo-commits

commit:     9e698f27e3d90c3b2bb5e477169f661f82bee0d7
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  6 13:59:14 2022 +0000
Commit:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Mon Jun  6 13:59:14 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=9e698f27

glep-0078: Fix Author header

Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 glep-0078.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index 92d4547..fb0f6dc 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -1,7 +1,7 @@
 ---
 GLEP: 78
 Title: Gentoo binary package container format
-Author: Michał Górny <mgorny@gentoo.org>
+Author: Michał Górny <mgorny@gentoo.org>,
         Sheng Yu <syu.os@protonmail.com>
 Type: Standards Track
 Status: Draft


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:13 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:13 UTC (permalink / raw
  To: gentoo-commits

commit:     c1dd9de1b19a61631b0dfab095c416abae81b3c1
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 14 10:12:57 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Jul 14 10:12:57 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=c1dd9de1

glep-0078: Typographic fixes

Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 glep-0078.rst | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index fb0f6dc..194b3f4 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -215,7 +215,7 @@ The package directory contains the following members, in order:
    ``image.tar${comp}.sig`` (optional).
 
 6. The package Manifest data file ``Manifest``, optionally clear-text
-   signed (required)
+   signed (required).
 
 It is recommended that relative order of the archive members is
 preserved.  However, implementations must support archives with members
@@ -317,16 +317,16 @@ The package Manifest file
 The Manifest file must include digests of all files in the binary
 package container, except for itself.  The purpose of this file is
 to provide the package manager with an ability to detect corruption
-or alteration of the binary package before attempting to read the
-inner archive contents.  This file also provides protection against
+or alteration of the binary package before attempting to read
+the inner archive contents.  This file also provides protection against
 signature reuse/replacement attacks if the OpenPGP signatures are used.
 
 The implementation follows the Manifest specifications in GLEP 74
 [#GLEP74]_ and uses the DATA tag for files within the container.
 
 The implementation should be able to detect checksum mismatches,
-as well as missing, duplicate, or extraneous files within the
-container.  In the case of verification failure, no subsequent
+as well as missing, duplicate, or extraneous files within
+the container.  In the case of verification failure, no subsequent
 operations on the archive should be performed.
 
 
@@ -337,9 +337,9 @@ The archive members and Manifest support optional OpenPGP signatures.
 The implementations must allow the user to specify whether OpenPGP
 signatures are to be expected in remotely fetched packages.
 
-If the signatures are expected and the archive member is unsigned, the
-package manager must reject processing it.  If the signature does not
-verify, the package manager must reject processing the corresponding
+If the signatures are expected and the archive member is unsigned,
+the package manager must reject processing it.  If the signature does
+not verify, the package manager must reject processing the corresponding
 archive member.  In particular, it must not attempt decompressing
 compressed members in those circumstances.
 
@@ -525,30 +525,30 @@ format  [#DEB-FORMAT]_.
 Some of the original features of .tar are obsolete with the modern
 usage.
 
-Firstly, .tar permits duplicate files to exist [#TARDUP]_.  The
-later duplicate files overwrite the previously extracted files when
+Firstly, .tar permits duplicate files to exist [#TARDUP]_.
+The later duplicate files overwrite the previously extracted files when
 extracting all files in order.  This is useful for incremental
 backups.  However, a general-purpose archiving tools may choose
-arbitrary files matching a path name, leading to checksum or
-signature bypass.  To prevent this, duplicate files are forbidden
+arbitrary files matching a path name, leading to checksum
+or signature bypass.  To prevent this, duplicate files are forbidden
 from existing.
 
 Secondly, .tar lacks integrity checks, except for the header
 self-check.  Data corruption can usually be detected through
 integrity checks in the additional compression layer.  However,
-this does not provide a way of verifying the integrity of the
-compressed data in advance.  For this reason, an additional
+this does not provide a way of verifying the integrity
+of the compressed data in advance.  For this reason, an additional
 Manifest file is included that provides checksums for other
 files in the archive.  A corrupted Manifest invalidates the whole
 package.
 
 Thirdly, many .tar implementations have various security problems,
 including the Python tarfile module [#ISSUE21109]_.  They provide
-multiple attack vectors, e.g. permitting overwriting files outside the
-destination directory using special filenames, symlinks, hard links or
-device files.  For this purpose, only regular files are permitted inside
-the container.  It is recommended to process the container data in place
-rather than extracting it.
+multiple attack vectors, e.g. permitting overwriting files outside
+the destination directory using special filenames, symlinks, hard links
+or device files.  For this purpose, only regular files are permitted
+inside the container.  It is recommended to process the container data
+in place rather than extracting it.
 
 
 Member ordering
@@ -573,12 +573,12 @@ attacks.  Covering the individual members rather than the whole package
 provides for verification of partially fetched binary packages.
 
 However, signing individual files does not guarantee that all members
-are originating from the same binary package.  This opens up the
-possibility of a replacement/reuse attack, e.g. combining the signed
+are originating from the same binary package.  This opens up
+the possibility of a replacement/reuse attack, e.g. combining the signed
 metadata from foo-1.1 with signed image from foo-1.0.  The new binary
 package passes the signature check.  To prevent this type of attack,
-we need the additional Menifest file and its signature to verify the
-authenticity of the complete binary package.
+we need the additional Menifest file and its signature to verify
+the authenticity of the complete binary package.
 
 
 Format versioning


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:16 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     f6ba29bfdb9572e186bb2cdf5c8380ac9a62ae63
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Sun May 22 05:53:45 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Sun May 22 05:53:45 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=f6ba29bf

glep-0068: Update language identifiers from ISO 639-1 to BCP 47

This will allow codes like pt-BR or zh-Hant which is already used
in at least one longdescription in the Gentoo repository.

Note that the L10N USE_EXPAND and GLEP 42 news items also use BCP 47
for language names.

Bug: https://bugs.gentoo.org/578294
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 glep-0068.rst | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/glep-0068.rst b/glep-0068.rst
index 83e54d9..78ac7ea 100644
--- a/glep-0068.rst
+++ b/glep-0068.rst
@@ -4,10 +4,10 @@ Title: Package and category metadata
 Author: Michał Górny <mgorny@gentoo.org>
 Type: Standards Track
 Status: Final
-Version: 1.1
+Version: 1.2
 Created: 2016-03-14
-Last-Modified: 2021-09-11
-Post-History: 2016-03-16, 2018-02-20
+Last-Modified: 2022-05-22
+Post-History: 2016-03-16, 2018-02-20, 2022-05-22
 Content-Type: text/x-rst
 Requires: 67
 Replaces: 34, 46, 56
@@ -106,8 +106,8 @@ The following common attributes are allowed on multiple elements:
 
 Language specifiers are used whenever an element supports variants
 in different languages. In this case, each occurrence of the element may
-contain an optional ``lang=""`` attribute that contains a ISO 639-1 language
-code. In case no ``lang=""`` attribute is provided, an implicit default
+contain an optional ``lang=""`` attribute that contains an IETF language tag
+[#BCP-47]_. In case no ``lang=""`` attribute is provided, an implicit default
 of ``en`` is assumed.
 
 Restriction specifiers are used whenever an element supports restricting to
@@ -321,6 +321,9 @@ language identifier in any of the considered standards. Furthermore, since
 and no tools relied on the implicit default defined in the DTD, it was decided
 to change the implicit default to ``en``.
 
+Language identifiers were later updated to allow full IETF language tags,
+so that codes like ``pt-BR`` or ``zh-Hant`` can be represented.
+
 Package restrictions
 --------------------
 
@@ -513,6 +516,9 @@ References
 .. [#METADATA-DTD] The original metadata.dtd file
    https://gitweb.gentoo.org/data/dtd.git/tree/metadata.dtd?id=a908a93b5afe295359e0a01814c9bef8b5268bcd
 
+.. [#BCP-47] BCP 47: "Tags for identifying languages",
+   https://tools.ietf.org/rfc/bcp/bcp47.txt
+
 .. [#ORIGINAL-METADATA-XML] The original metadata.xml proposal:
    Paul de Vrieze. "IMPORTANT: The proposal for the metadata.xml file".
    gentoo-dev mailing list, 2003-06-27,
@@ -529,6 +535,6 @@ References
 Copyright
 =========
 
-This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
-Unported License.  To view a copy of this license, visit
-https://creativecommons.org/licenses/by-sa/3.0/.
+This work is licensed under the Creative Commons Attribution-ShareAlike 4.0
+International License.  To view a copy of this license, visit
+https://creativecommons.org/licenses/by-sa/4.0/.


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:16 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     0b6676088aa1dfdf043442f5ea5cf952e242d150
Author:     Sheng Yu <syu.os <AT> protonmail <DOT> com>
AuthorDate: Sat May 28 19:06:46 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Jul 14 10:16:02 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=0b667608

glep-0078: draft update

Bug: https://bugs.gentoo.org/820578
Signed-off-by: Sheng Yu <syu.os <AT> protonmail.com>
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 glep-0078.rst | 114 ++++++++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 96 insertions(+), 18 deletions(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index 1f7cd9b..82c74c8 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -2,12 +2,13 @@
 GLEP: 78
 Title: Gentoo binary package container format
 Author: Michał Górny <mgorny@gentoo.org>
+        Sheng Yu <syu.os@protonmail.com>
 Type: Standards Track
 Status: Draft
 Version: 1
 Created: 2018-11-15
-Last-Modified: 2019-07-29
-Post-History: 2018-11-17, 2019-07-08
+Last-Modified: 2021-10-10
+Post-History: 2018-11-17, 2019-07-08, 2021-09-13, 2021-09-22, 2022-05-28
 Content-Type: text/x-rst
 ---
 
@@ -154,10 +155,15 @@ The following obligatory goals have been set for a replacement format:
    enough to let user inspect and manipulate it without special tooling
    or detailed knowledge.
 
-3. **The file format must provide support for OpenPGP signatures.**
+3. **The file format must be able to detect its own data corruption.**
+   In particular, it needs to contain the checksum of its own data for
+   package manager to be able to verify its integrity without relying
+   on additional files.
+
+4. **The file format must provide support for OpenPGP signatures.**
    Preferably, it should use standard OpenPGP message formats.
 
-4. **The file format must allow for efficient metadata updates.**
+5. **The file format must allow for efficient metadata updates.**
    In particular, it should be possible to update the metadata without
    having to recompress package files.
 
@@ -186,35 +192,39 @@ The container format
 The gpkg package container is an uncompressed .tar achive whose filename
 should use ``.gpkg.tar`` suffix.
 
-The archive contains a number of files, stored in a single directory
-whose name should match the basename of the package file.  However,
-the implementation must be able to process an archive where
-the directory name is mismatched.  There should be no explicit archive
-member entry for the directory.
+The archive contains a number of files.  All package-related files
+should be stored in a single directory whose name matches the basename
+of the package file.  However, the implementation must be able to
+process an archive where the directory name is mismatched.  There should
+be no explicit archive member entry for the directory.
 
 The package directory contains the following members, in order:
 
 1. The package format identifier file ``gpkg-1`` (required).
 
-2. A signature for the metadata archive: ``metadata.tar${comp}.sig``
+2. The metadata archive ``metadata.tar${comp}``, optionally compressed
+   (required).
+
+3. A signature for the metadata archive: ``metadata.tar${comp}.sig``
    (optional).
 
-3. The metadata archive ``metadata.tar${comp}``, optionally compressed
-   (required).
+4. The filesystem image archive ``image.tar${comp}``, optionally
+   compressed (required).
 
-4. A signature for the filesystem image archive:
+5. A signature for the filesystem image archive:
    ``image.tar${comp}.sig`` (optional).
 
-5. The filesystem image archive ``image.tar${comp}``, optionally
-   compressed (required).
+6. The package Manifest data file ``Manifest``, optionally clear-text
+   signed (required)
 
 It is recommended that relative order of the archive members is
 preserved.  However, implementations must support archives with members
 out of order.
 
 The container may be extended with additional members in the future.
-The implementations should ignore unrecognized members and preserve
-them across package updates.
+If the Manifest is present, all files contained in the archive must
+be listed in it and verify successfully.  The package manager should
+ignore unknown files but preserve them across package updates.
 
 
 Permitted .tar format features
@@ -301,10 +311,29 @@ suffixed using the standard suffix for the particular compressed file
 type (e.g. ``.bz2`` for bzip2 format).
 
 
+The package Manifest file
+-------------------------
+
+The Manifest file must include digests of all files in the binary
+package container, except for itself.  The purpose of this file is
+to provide the package manager with an ability to detect corruption
+or alteration of the binary package before attempting to read the
+inner archive contents.  This file also provides protection against
+signature reuse/replacement attacks if the OpenPGP signatures are used.
+
+The implementation follows the Manifest specifications in GLEP 74
+[#GLEP74]_ and uses the DATA tag for files within the container.
+
+The implementation should be able to detect checksum mismatches,
+as well as missing, duplicate, or extraneous files within the
+container.  In the case of verification failure, no subsequent
+operations on the archive should be performed.
+
+
 OpenPGP member signatures
 -------------------------
 
-The archive members support optional OpenPGP signatures.
+The archive members and Manifest support optional OpenPGP signatures.
 The implementations must allow the user to specify whether OpenPGP
 signatures are to be expected in remotely fetched packages.
 
@@ -490,6 +519,38 @@ Debian has a similar guideline for the inner tar of their package
 format  [#DEB-FORMAT]_.
 
 
+.tar security issues
+--------------------
+
+Some of the original features of .tar are obsolete with the modern
+usage.
+
+Firstly, .tar permits duplicate files to exist [#TARDUP]_.  The
+later duplicate files overwrite the previously extracted files when
+extracting all files in order.  This is useful for incremental
+backups.  However, a general-purpose archiving tools may choose
+arbitrary files matching a path name, leading to checksum or
+signature bypass.  To prevent this, duplicate files are forbidden
+from existing.
+
+Secondly, .tar lacks integrity checks, except for the header
+self-check.  Data corruption can usually be detected through
+integrity checks in the additional compression layer.  However,
+this does not provide a way of verifying the integrity of the
+compressed data in advance.  For this reason, an additional
+Manifest file is included that provides checksums for other
+files in the archive.  A corrupted Manifest invalidates the whole
+package.
+
+Thirdly, many .tar implementations have various security problems,
+including the Python tarfile module [#ISSUE21109]_.  They provide
+multiple attack vectors, e.g. permitting overwriting files outside the
+destination directory using special filenames, symlinks, hard links or
+device files.  For this purpose, only regular files are permitted inside
+the container.  It is recommended to process the container data in place
+rather than extracting it.
+
+
 Member ordering
 ---------------
 
@@ -511,6 +572,14 @@ them.  Covering the compressed archives helps to prevent zipbomb
 attacks.  Covering the individual members rather than the whole package
 provides for verification of partially fetched binary packages.
 
+However, signing individual files does not guarantee that all members
+are originating from the same binary package.  This opens up the
+possibility of a replacement/reuse attack, e.g. combining the signed
+metadata from foo-1.1 with signed image from foo-1.0.  The new binary
+package passes the signature check.  To prevent this type of attack,
+we need the additional Menifest file and its signature to verify the
+authenticity of the complete binary package.
+
 
 Format versioning
 -----------------
@@ -564,10 +633,19 @@ References
 .. [#TAR-PORTABILITY] Michał Górny, Portability of tar features
    (https://dev.gentoo.org/~mgorny/articles/portability-of-tar-features.html)
 
+.. [#GLEP74] GLEP 74: Full-tree verification using Manifest files
+   (https://www.gentoo.org/glep/glep-0074.html)
+
 .. [#XPAK2GPKG] xpak2gpkg: Proof-of-concept converter from tbz2/xpak
    to gpkg binpkg format
    (https://github.com/mgorny/xpak2gpkg)
 
+.. [#TARDUP] tar: Multiple Members with the Same Name
+   (https://www.gnu.org/software/tar/manual/html_node/multiple.html)
+
+.. [#ISSUE21109] Python tarfile: Traversal attack vulnerability
+   (https://bugs.python.org/issue21109)
+
 
 Copyright
 =========


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:16 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     fddc189901100b041343e935a1dabb09860f8932
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  8 20:23:54 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Sat Jul  9 08:38:45 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=fddc1899

glep-0002: "GLEP x" and "RFC x" aren't automatically linked

Closes: https://bugs.gentoo.org/857066
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 glep-0002.rst | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/glep-0002.rst b/glep-0002.rst
index 6ef72ca..ab68ee9 100644
--- a/glep-0002.rst
+++ b/glep-0002.rst
@@ -6,9 +6,9 @@ Author: Grant Goodyear <g2boojum@gentoo.org>,
         Ulrich Müller <ulm@gentoo.org>
 Type: Informational
 Status: Active
-Version: 4
+Version: 4.1
 Created: 2003-05-31
-Last-Modified: 2019-11-24
+Last-Modified: 2022-07-09
 Post-History: 2003-06-02, 2013-12-17, 2017-09-17, 2019-11-24
 Content-Type: text/x-rst
 ---
@@ -426,9 +426,6 @@ Footnotes containing the URLs from external targets will be generated
 automatically at the end of the References section of the GLEP, along
 with footnote references linking the reference text to the footnotes.
 
-Text of the form "GLEP x" or "RFC x" (where "x" is a number) will be
-linked automatically to the appropriate URLs.
-
 
 Footnotes
 ---------


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:16 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     fc293192c52cab778ef1024748245870b6660c6d
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 14 10:12:57 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Jul 14 10:16:04 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=fc293192

glep-0078: Typographic fixes

Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 glep-0078.rst | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index fb0f6dc..194b3f4 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -215,7 +215,7 @@ The package directory contains the following members, in order:
    ``image.tar${comp}.sig`` (optional).
 
 6. The package Manifest data file ``Manifest``, optionally clear-text
-   signed (required)
+   signed (required).
 
 It is recommended that relative order of the archive members is
 preserved.  However, implementations must support archives with members
@@ -317,16 +317,16 @@ The package Manifest file
 The Manifest file must include digests of all files in the binary
 package container, except for itself.  The purpose of this file is
 to provide the package manager with an ability to detect corruption
-or alteration of the binary package before attempting to read the
-inner archive contents.  This file also provides protection against
+or alteration of the binary package before attempting to read
+the inner archive contents.  This file also provides protection against
 signature reuse/replacement attacks if the OpenPGP signatures are used.
 
 The implementation follows the Manifest specifications in GLEP 74
 [#GLEP74]_ and uses the DATA tag for files within the container.
 
 The implementation should be able to detect checksum mismatches,
-as well as missing, duplicate, or extraneous files within the
-container.  In the case of verification failure, no subsequent
+as well as missing, duplicate, or extraneous files within
+the container.  In the case of verification failure, no subsequent
 operations on the archive should be performed.
 
 
@@ -337,9 +337,9 @@ The archive members and Manifest support optional OpenPGP signatures.
 The implementations must allow the user to specify whether OpenPGP
 signatures are to be expected in remotely fetched packages.
 
-If the signatures are expected and the archive member is unsigned, the
-package manager must reject processing it.  If the signature does not
-verify, the package manager must reject processing the corresponding
+If the signatures are expected and the archive member is unsigned,
+the package manager must reject processing it.  If the signature does
+not verify, the package manager must reject processing the corresponding
 archive member.  In particular, it must not attempt decompressing
 compressed members in those circumstances.
 
@@ -525,30 +525,30 @@ format  [#DEB-FORMAT]_.
 Some of the original features of .tar are obsolete with the modern
 usage.
 
-Firstly, .tar permits duplicate files to exist [#TARDUP]_.  The
-later duplicate files overwrite the previously extracted files when
+Firstly, .tar permits duplicate files to exist [#TARDUP]_.
+The later duplicate files overwrite the previously extracted files when
 extracting all files in order.  This is useful for incremental
 backups.  However, a general-purpose archiving tools may choose
-arbitrary files matching a path name, leading to checksum or
-signature bypass.  To prevent this, duplicate files are forbidden
+arbitrary files matching a path name, leading to checksum
+or signature bypass.  To prevent this, duplicate files are forbidden
 from existing.
 
 Secondly, .tar lacks integrity checks, except for the header
 self-check.  Data corruption can usually be detected through
 integrity checks in the additional compression layer.  However,
-this does not provide a way of verifying the integrity of the
-compressed data in advance.  For this reason, an additional
+this does not provide a way of verifying the integrity
+of the compressed data in advance.  For this reason, an additional
 Manifest file is included that provides checksums for other
 files in the archive.  A corrupted Manifest invalidates the whole
 package.
 
 Thirdly, many .tar implementations have various security problems,
 including the Python tarfile module [#ISSUE21109]_.  They provide
-multiple attack vectors, e.g. permitting overwriting files outside the
-destination directory using special filenames, symlinks, hard links or
-device files.  For this purpose, only regular files are permitted inside
-the container.  It is recommended to process the container data in place
-rather than extracting it.
+multiple attack vectors, e.g. permitting overwriting files outside
+the destination directory using special filenames, symlinks, hard links
+or device files.  For this purpose, only regular files are permitted
+inside the container.  It is recommended to process the container data
+in place rather than extracting it.
 
 
 Member ordering
@@ -573,12 +573,12 @@ attacks.  Covering the individual members rather than the whole package
 provides for verification of partially fetched binary packages.
 
 However, signing individual files does not guarantee that all members
-are originating from the same binary package.  This opens up the
-possibility of a replacement/reuse attack, e.g. combining the signed
+are originating from the same binary package.  This opens up
+the possibility of a replacement/reuse attack, e.g. combining the signed
 metadata from foo-1.1 with signed image from foo-1.0.  The new binary
 package passes the signature check.  To prevent this type of attack,
-we need the additional Menifest file and its signature to verify the
-authenticity of the complete binary package.
+we need the additional Menifest file and its signature to verify
+the authenticity of the complete binary package.
 
 
 Format versioning


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:16 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     262d3cb8bbe5d100d605cf62343a5d61e1af911d
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  6 13:58:54 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Jul 14 10:16:03 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=262d3cb8

glep-0078: Update footer to CC-BY-SA-4.0

Acked-by: Michał Górny <mgorny <AT> gentoo.org>
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 glep-0078.rst | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index 82c74c8..92d4547 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -7,7 +7,7 @@ Type: Standards Track
 Status: Draft
 Version: 1
 Created: 2018-11-15
-Last-Modified: 2021-10-10
+Last-Modified: 2022-06-06
 Post-History: 2018-11-17, 2019-07-08, 2021-09-13, 2021-09-22, 2022-05-28
 Content-Type: text/x-rst
 ---
@@ -649,6 +649,7 @@ References
 
 Copyright
 =========
-This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
-Unported License. To view a copy of this license, visit
-https://creativecommons.org/licenses/by-sa/3.0/.
+
+This work is licensed under the Creative Commons Attribution-ShareAlike 4.0
+International License.  To view a copy of this license, visit
+https://creativecommons.org/licenses/by-sa/4.0/.


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:16 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     4e6022e1056b730373d1b3787d057edd7247b1d0
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  8 17:35:31 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Fri Jul  8 17:35:31 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=4e6022e1

glep-0001: Use uppercase for footnote and its reference

Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 glep-0001.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/glep-0001.rst b/glep-0001.rst
index 020fac3..5b33558 100644
--- a/glep-0001.rst
+++ b/glep-0001.rst
@@ -8,7 +8,7 @@ Type: Informational
 Status: Active
 Version: 4
 Created: 2003-05-31
-Last-Modified: 2022-06-06
+Last-Modified: 2022-07-08
 Post-History: 2003-06-01, 2003-07-02, 2008-01-19, 2008-06-05, 2011-03-09,
               2013-12-14, 2017-09-17, 2018-07-10, 2019-11-24
 Content-Type: text/x-rst
@@ -18,7 +18,7 @@ Credits
 =======
 
 The GLEP concept, and, in fact, much of the text of this document,
-is liberally stolen from Python's [#Python]_ PEPs [#PEPS]_, especially
+is liberally stolen from Python's [#PYTHON]_ PEPs [#PEPS]_, especially
 PEP-0001 [#PEP1]_ by Barry A. Warsaw, Jeremy Hylton, and David Goodger.
 
 What is a GLEP?


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:16 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     0f3c9dfdf8712570404c3d90b788536d3cff514e
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Jul  2 08:06:59 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Sat Jul  2 08:37:22 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=0f3c9dfd

glep-0076: replace one dead link from references

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
[Also update the page title]
Closes: https://bugs.gentoo.org/855692
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 glep-0076.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/glep-0076.rst b/glep-0076.rst
index 634ac83..2216483 100644
--- a/glep-0076.rst
+++ b/glep-0076.rst
@@ -10,7 +10,7 @@ Type: Informational
 Status: Active
 Version: 1.1
 Created: 2013-04-23
-Last-Modified: 2021-12-26
+Last-Modified: 2022-07-02
 Post-History: 2018-06-10, 2018-06-19, 2018-08-31, 2018-09-26
 Content-Type: text/x-rst
 ---
@@ -393,8 +393,8 @@ References
 .. [#CC-PDM-1.0] Creative Commons: Public Domain Mark 1.0,
    https://creativecommons.org/publicdomain/mark/1.0/
 
-.. [#CHROMIUM] Chromium: Contributing Code,
-   https://www.chromium.org/developers/contributing-code#TOC-Legal-stuff
+.. [#CHROMIUM] Contributing to Chromium,
+   https://chromium.googlesource.com/chromium/src/+/main/docs/contributing.md#Legal-stuff
 
 
 Copyright


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:16 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     a8c95268e2f0de7c683703c84d6a2d2dda97f113
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  8 17:36:07 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Fri Jul  8 17:36:07 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=a8c95268

glep-0044: Delete duplicate reference

Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 glep-0044.rst | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/glep-0044.rst b/glep-0044.rst
index c9f8cb1..bc945da 100644
--- a/glep-0044.rst
+++ b/glep-0044.rst
@@ -6,7 +6,7 @@ Type: Standards Track
 Status: Replaced
 Version: 1
 Created: 2005-12-04
-Last-Modified: 2019-11-07
+Last-Modified: 2022-07-08
 Post-History: 2005-12-06, 2006-01-23, 2006-09-03
 Content-Type: text/x-rst
 Replaced-By: 74
@@ -327,8 +327,6 @@ References
 
 .. [#manifest2-patch] https://archives.gentoo.org/gentoo-portage-dev/message/f2b5be6629510343bd50418429912b1d
 
-.. [#manifest2-example] glep-0044-extras/manifest2-example.txt
-
 Copyright
 =========
 


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:16 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     10a2746a9a44523e5a5f1ffe01aee0447e127635
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  6 16:38:40 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Sun Jun 12 19:11:06 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=10a2746a

glep-0001: Clarify that multiple authors are comma-separated

This follows from headers being RFC 2822 style, but clarify it by
explicitly saying so.

Closes: https://bugs.gentoo.org/850121
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 glep-0001.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/glep-0001.rst b/glep-0001.rst
index 61a08a4..020fac3 100644
--- a/glep-0001.rst
+++ b/glep-0001.rst
@@ -8,7 +8,7 @@ Type: Informational
 Status: Active
 Version: 4
 Created: 2003-05-31
-Last-Modified: 2019-11-24
+Last-Modified: 2022-06-06
 Post-History: 2003-06-01, 2003-07-02, 2008-01-19, 2008-06-05, 2011-03-09,
               2013-12-14, 2017-09-17, 2018-07-10, 2019-11-24
 Content-Type: text/x-rst
@@ -273,7 +273,8 @@ if the email address is included, and just
 if the address is not given.
 
 If there are multiple authors, each should be on a separate line
-following RFC 2822 continuation line conventions.
+following RFC 2822 continuation line conventions. The list of authors is
+comma-separated, i.e. all lines but the last must end with a comma.
 
 The Type header specifies the type of GLEP: Informational or Standards
 Track.


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:16 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     73e2d7a991e47635f7a81a694c633bb346a6c3c6
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  6 13:59:14 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Jul 14 10:16:04 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=73e2d7a9

glep-0078: Fix Author header

Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 glep-0078.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index 92d4547..fb0f6dc 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -1,7 +1,7 @@
 ---
 GLEP: 78
 Title: Gentoo binary package container format
-Author: Michał Górny <mgorny@gentoo.org>
+Author: Michał Górny <mgorny@gentoo.org>,
         Sheng Yu <syu.os@protonmail.com>
 Type: Standards Track
 Status: Draft


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] data/glep:glep-0078-update commit in: /
@ 2022-07-14 10:16 Michał Górny
  0 siblings, 0 replies; 14+ messages in thread
From: Michał Górny @ 2022-07-14 10:16 UTC (permalink / raw
  To: gentoo-commits

commit:     119d8ef975320ab37c642d5ff804fade8b2ad232
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 30 15:03:23 2022 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Mon Jul 11 18:58:10 2022 +0000
URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=119d8ef9

glep-0083: Initial draft of EAPI deprecation GLEP

Bug: https://bugs.gentoo.org/855362
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 glep-0083.rst | 134 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 134 insertions(+)

diff --git a/glep-0083.rst b/glep-0083.rst
new file mode 100644
index 0000000..3f9b259
--- /dev/null
+++ b/glep-0083.rst
@@ -0,0 +1,134 @@
+---
+GLEP: 83
+Title: EAPI deprecation
+Author: Ulrich Müller <ulm@gentoo.org>
+Type: Informational
+Status: Draft
+Version: 1
+Created: 2022-06-30
+Last-Modified: 2022-07-11
+Post-History: 2022-07-11
+Content-Type: text/x-rst
+---
+
+
+Abstract
+========
+
+Introduce standardized criteria for deprecation and banning of EAPIs.
+
+
+Motivation
+==========
+
+So far, old EAPIs were deprecated by the Gentoo Council in an ad-hoc
+manner. No fixed criteria were used, resulting in very different
+deprecation times after approval of newer EAPIs. Standardized criteria
+for deprecation and banning will make the life cycle of EAPIs more
+predictable.
+
+
+Specification
+=============
+
+A *deprecated EAPI* is no longer required for the upgrade path of
+users' systems. Its use is discouraged, and tools like pkgcheck will
+warn about this [#COUNCIL-20130409]_.
+
+A *banned EAPI* must no longer be used, neither for new ebuilds, nor
+for updating of existing ebuilds [#COUNCIL-20140311]_.
+
+The Gentoo Council will deprecate an EAPI when two newer EAPIs are
+supported by the stable version of Portage, and one of them has been
+supported for 24 months.
+
+The Gentoo Council will ban a deprecated EAPI when it is used by less
+than 5 % of ebuilds in the Gentoo repository, but no sooner than 24
+months after its deprecation.
+
+EAPIs used in profiles are outside the scope of this GLEP.
+
+
+Rationale
+=========
+
+Timing of EAPI deprecation is a trade-off between different factors.
+On the one hand, the total number of EAPIs in active use should be
+limited; this will prevent the learning curve for new developers and
+contributors from becoming too steep and will help to reduce code
+complexity, e.g. in eclasses.
+
+On the other hand, an upgrade path to a stable system is guaranteed
+for one year, plus limited support for systems that are outdated more
+than a year [#COUNCIL-20091109]_. Therefore, previous EAPIs are still
+required during that time. A period of 24 months before deprecation
+has been chosen, which is more than the required minimum and will
+allow projects to support a longer upgrade path.
+
+Requiring two newer EAPIs before deprecation will allow ebuilds that
+are otherwise seldom updated to be bumped to the next but one EAPI
+immediately.
+
+A delay of 24 months between deprecation and ban will give ebuild
+authors enough time to update. This is especially relevant for
+overlays and downstream distributions. Since a banned EAPI is
+sufficient reason for updating an ebuild, an additional threshold of
+5 % is required, in order to keep the number of such updates (and bug
+reports requesting them) manageable.
+
+
+Backwards Compatibility
+=======================
+
+The following table compares the actual dates of deprecations and bans
+[#PMS-PROJECT]_ with the dates that would have resulted from the
+criteria proposed in this GLEP ("new date").
+
+.. csv-table::
+   :header-rows: 2
+   :stub-columns: 1
+   :widths: auto
+   :align: right
+
+   EAPI,Portage,Gentoo repo,deprecated,deprecated,diff.,banned,banned,diff.
+   ,stable,usage < 5 %,actual date,new date,months,actual date,new date,months
+   0,2005-12-26,2017-02-28,2014-02-25,2009-12-11,-50,2016-01-10,2017-02-28,+14
+   1,2007-12-11,2009-10-25,2013-04-09,2011-01-08,-27,2014-03-11,2013-01-08,-14
+   2,2009-01-08,2015-03-27,2013-04-09,2012-03-08,-13,2014-03-11,2015-03-27,+12
+   3,2010-03-08,2015-01-16,2014-02-25,2013-03-17,-11,2016-01-10,2015-03-17,-10
+   4,2011-03-17,2018-01-11,2015-10-11,2016-01-17,+3,2018-04-08,2018-01-17,-3
+   5,2012-12-11,2021-06-15,2018-05-13,2018-06-27,+1,2021-08-08,2021-06-15,-2
+   6,2016-01-17,2022-11-22 [*]_,2021-07-11,2021-07-05,0,,2023-07-05,
+   7,2018-06-27,,,,,,,
+   8,2021-07-05,,,,,,,
+
+.. [*] Extrapolated date, obtained by fitting data between 2021-01-01
+   and 2022-07-11 with an exponential function.
+
+
+References
+==========
+
+.. [#COUNCIL-20130409] "EAPI deprecation",
+   Gentoo Council meeting summary 2013-04-09
+   (https://projects.gentoo.org/council/meeting-logs/20130409-summary.txt).
+   Note: The original quote says "Repoman" instead of "pkgcheck".
+
+.. [#COUNCIL-20140311] "Ban on EAPI 1 and 2 should extend to updating
+   EAPI in existing ebuilds", Gentoo Council meeting summary 2014-03-11
+   (https://projects.gentoo.org/council/meeting-logs/20140311-summary.txt)
+
+.. [#COUNCIL-20091109] "Upgrade path for old systems",
+   Gentoo Council meeting summary 2009-11-09
+   (https://projects.gentoo.org/council/meeting-logs/20091109-summary.txt)
+
+.. [#PMS-PROJECT] Gentoo Package Manager Specification project
+   (https://wiki.gentoo.org/wiki/Project:Package_Manager_Specification#EAPI_life_cycle)
+
+
+Copyright
+=========
+
+This work is licensed under the Creative Commons Attribution-ShareAlike 4.0
+International License.  To view a copy of this license, visit
+https://creativecommons.org/licenses/by-sa/4.0/.


^ permalink raw reply related	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2022-07-14 10:16 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-07-14 10:16 [gentoo-commits] data/glep:glep-0078-update commit in: / Michał Górny
  -- strict thread matches above, loose matches on Subject: below --
2022-07-14 10:16 Michał Górny
2022-07-14 10:16 Michał Górny
2022-07-14 10:16 Michał Górny
2022-07-14 10:16 Michał Górny
2022-07-14 10:16 Michał Górny
2022-07-14 10:16 Michał Górny
2022-07-14 10:16 Michał Górny
2022-07-14 10:16 Michał Górny
2022-07-14 10:16 Michał Górny
2022-07-14 10:16 Michał Górny
2022-07-14 10:13 Michał Górny
2022-06-06 14:00 Ulrich Müller
2022-06-06 14:00 Ulrich Müller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox