From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 260B7158020 for ; Sun, 13 Nov 2022 20:20:11 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6DB12E08EB; Sun, 13 Nov 2022 20:20:10 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 546B2E08EB for ; Sun, 13 Nov 2022 20:20:10 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 48F7C340E1C for ; Sun, 13 Nov 2022 20:20:09 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 207C0741 for ; Sun, 13 Nov 2022 20:20:06 +0000 (UTC) From: "Ulrich Müller" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Ulrich Müller" Message-ID: <1668370781.e10ae4cbdd5233b5a249728b26cd4aeed20a85f5.ulm@gentoo> Subject: [gentoo-commits] data/glep:master commit in: / X-VCS-Repository: data/glep X-VCS-Files: glep-0078.rst X-VCS-Directories: / X-VCS-Committer: ulm X-VCS-Committer-Name: Ulrich Müller X-VCS-Revision: e10ae4cbdd5233b5a249728b26cd4aeed20a85f5 X-VCS-Branch: master Date: Sun, 13 Nov 2022 20:20:06 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 6b84bd1e-681b-4340-974f-da9b2d874fd9 X-Archives-Hash: 21cbc3dc81bceef3e0fad000f64fe5e7 commit: e10ae4cbdd5233b5a249728b26cd4aeed20a85f5 Author: Michał Górny gentoo org> AuthorDate: Wed Sep 21 18:14:09 2022 +0000 Commit: Ulrich Müller gentoo org> CommitDate: Sun Nov 13 20:19:41 2022 +0000 URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=e10ae4cb glep-0078: Clarify that Manifest must be present for signed binpkg Signed-off-by: Michał Górny gentoo.org> Signed-off-by: Ulrich Müller gentoo.org> glep-0078.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/glep-0078.rst b/glep-0078.rst index d77576a..3c7e899 100644 --- a/glep-0078.rst +++ b/glep-0078.rst @@ -228,6 +228,11 @@ If the Manifest is present, all files contained in the archive must be listed in it and verify successfully. The package manager should ignore unknown files but preserve them across package updates. +For a binary package to be considered signed and suitable for +authenticity verification, the Manifest file must be present and contain +a valid signature. It is recommended to include detached signatures +for archive members as well. + Permitted .tar format features ------------------------------