* [gentoo-commits] gentoo commit in users/robbat2/tree-signing-gleps: 00-proposal-overview
@ 2007-11-28 0:25 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 7+ messages in thread
From: Robin H. Johnson (robbat2) @ 2007-11-28 0:25 UTC (permalink / raw
To: gentoo-commits
robbat2 07/11/28 00:25:36
Modified: 00-proposal-overview
Log:
This document is 99% ready to go now.
Revision Changes Path
1.4 users/robbat2/tree-signing-gleps/00-proposal-overview
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.4&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.4&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?r1=1.3&r2=1.4
Index: 00-proposal-overview
===================================================================
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- 00-proposal-overview 12 Oct 2006 12:36:00 -0000 1.3
+++ 00-proposal-overview 28 Nov 2007 00:25:36 -0000 1.4
@@ -1,7 +1,7 @@
GLEP: xx
Title: Security of distribution of Gentoo software - Overview
-Version: $Revision: 1.3 $
-Last-Modified: $Date: 2006/10/12 12:36:00 $
+Version: $Revision: 1.4 $
+Last-Modified: $Date: 2007/11/28 00:25:36 $
Author: Robin Hugh Johnson <robbat2@gentoo.org>,
Patrick Lauer <patrick@gentoo.org>,
Status: Draft
@@ -11,9 +11,6 @@
Updated: May 2006, October 2006
Post-History: ...
-TODO:
-- Solar to review security aspects
-
Abstract
========
This is the first in a series of 4 GLEPs. It aims to define the actors
@@ -43,20 +40,22 @@
tainted data will be executed on user's systems.
Gentoo's software distribution system as it presently stands, contains a
-number of security shortcomings. The last discussion on the -dev ML
-[http://thread.gmane.org/gmane.linux.gentoo.devel/38363] contains a good
-overview of most of them, in short:
-1. Unverifiable executable code distributed
-The most obvious instance are eclasses, but there are many other bits of
-the tree that are not signed at all right now. Modifying that data is
-trivial.
+number of security shortcomings. The last discussion on the gentoo-dev
+mailing list [http://thread.gmane.org/gmane.linux.gentoo.devel/38363]
+contains a good overview of most of the issues. Summarized here:
+1. Unverifiable executable code distributed:
+ The most obvious instance are eclasses, but there are many other bits
+ of the tree that are not signed at all right now. Modifying that data
+ is trivial.
2. Shortcomings of existing Manifest verification
-A lack and enforcement of policies, combined with suboptimal support in
-portage, makes it trivial to modify or replace the existing Manifests.
+ A lack and enforcement of policies, combined with suboptimal support
+ in portage, makes it trivial to modify or replace the existing
+ Manifests.
3. Vulnerability of existing infrastructure to attacks.
-The previous two items make it possible for a skilled attacker to design
-an attack and then execute it against specific portions of existing
-infrastructure. [TODO: Add more specifics].
+ The previous two items make it possible for a skilled attacker to
+ design an attack and then execute it against specific portions of
+ existing infrastructure (eg: Compromise a country-local rsync mirror,
+ and totally replace a package and it's Manifest).
Specification
=============
@@ -93,9 +92,9 @@
Attacks may be conducted against any of these entities. Obviously
direct attacks against Upstream and Users are outside of the scope of
-this GLEP as they are not in any way controlled or controllable by
-Gentoo - however attacks using Gentoo as a conduit (such as adding a
-payload at a mirror) must be considered.
+this series of GLEPs as they are not in any way controlled or
+controllable by Gentoo - however attacks using Gentoo as a conduit (such
+as adding a payload at a mirror) must be considered.
Processes
---------
@@ -106,7 +105,7 @@
2. Tree and distfile distribution from Infrastructure to Users, via the
mirrors (this includes both HTTP and rsync distribution).
-Both processes need their security improved. In GLEP n+2 we will discuss
+Both processes need their security improved. In [GLEPxx+2] we will discuss
how to improve the security of the first process. The relatively
speaking simpler process of file distribution will be described in
[GLEPxx+1]. Since it can be implemented without having to change the
@@ -181,6 +180,12 @@
Endnote: History of tree-signing in Gentoo
==========================================
+This is a brief review of every previous tree-signing discussion, the
+stuff before 2003-04-03 was very hard to come by, so I apologize if I've
+missed a discussion (I would like to hear about it). I think there was
+a very early private discussion with drobbins in 2001, as it's vaguely
+referenced, but I can't find it anywhere.
+
2002-06-06, gentoo-dev mailing list, users first ask about signing of
ebuilds:
[ http://thread.gmane.org/gmane.linux.gentoo.devel/1950 ]
--
gentoo-commits@gentoo.org mailing list
^ permalink raw reply [flat|nested] 7+ messages in thread
* [gentoo-commits] gentoo commit in users/robbat2/tree-signing-gleps: 00-proposal-overview
@ 2007-12-11 9:29 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 7+ messages in thread
From: Robin H. Johnson (robbat2) @ 2007-12-11 9:29 UTC (permalink / raw
To: gentoo-commits
robbat2 07/12/11 09:29:16
Modified: 00-proposal-overview
Log:
Fix from genone.
Revision Changes Path
1.6 users/robbat2/tree-signing-gleps/00-proposal-overview
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.6&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.6&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?r1=1.5&r2=1.6
Index: 00-proposal-overview
===================================================================
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview,v
retrieving revision 1.5
retrieving revision 1.6
diff -p -w -b -B -u -u -r1.5 -r1.6
--- 00-proposal-overview 28 Nov 2007 04:36:48 -0000 1.5
+++ 00-proposal-overview 11 Dec 2007 09:29:16 -0000 1.6
@@ -1,7 +1,7 @@
GLEP: xx
Title: Security of distribution of Gentoo software - Overview
-Version: $Revision: 1.5 $
-Last-Modified: $Date: 2007/11/28 04:36:48 $
+Version: $Revision: 1.6 $
+Last-Modified: $Date: 2007/12/11 09:29:16 $
Author: Robin Hugh Johnson <robbat2@gentoo.org>,
Patrick Lauer <patrick@gentoo.org>,
Status: Draft
@@ -128,9 +128,9 @@ signed.
A simple example of such an attack and a partial solution for eclasses
is presented in [ http://thread.gmane.org/gmane.linux.gentoo.devel/24677
]. It shows quite well that any non-Gentoo controlled rsync mirror can
-modify executable code; as much of this code is per default run as user
+modify executable code; as much of this code is per default run as root
a malicious mirror could compromise hundreds of systems per day - if
-cloaked well enough such an attack could run for weeks before being
+cloaked well enough, such an attack could run for weeks before being
noticed. As there are no effective safeguards right now users are left
with the choice of either syncing from the sometimes slow or even
unresponsive Gentoo-controlled rsync mirrors or risk being compromised
--
gentoo-commits@gentoo.org mailing list
^ permalink raw reply [flat|nested] 7+ messages in thread
* [gentoo-commits] gentoo commit in users/robbat2/tree-signing-gleps: 00-proposal-overview
@ 2008-07-01 7:00 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 7+ messages in thread
From: Robin H. Johnson (robbat2) @ 2008-07-01 7:00 UTC (permalink / raw
To: gentoo-commits
robbat2 08/07/01 07:00:16
Modified: 00-proposal-overview
Log:
Update the thanks section. Take bonsaikitten out of the authors because he vanished after the early research. Update some dates. Add one more bit of history from the gentoo-portage-dev mailing list.
Revision Changes Path
1.7 users/robbat2/tree-signing-gleps/00-proposal-overview
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.7&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.7&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?r1=1.6&r2=1.7
Index: 00-proposal-overview
===================================================================
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview,v
retrieving revision 1.6
retrieving revision 1.7
diff -p -w -b -B -u -u -r1.6 -r1.7
--- 00-proposal-overview 11 Dec 2007 09:29:16 -0000 1.6
+++ 00-proposal-overview 1 Jul 2008 07:00:15 -0000 1.7
@@ -1,14 +1,13 @@
GLEP: xx
Title: Security of distribution of Gentoo software - Overview
-Version: $Revision: 1.6 $
-Last-Modified: $Date: 2007/12/11 09:29:16 $
-Author: Robin Hugh Johnson <robbat2@gentoo.org>,
- Patrick Lauer <patrick@gentoo.org>,
+Version: $Revision: 1.7 $
+Last-Modified: $Date: 2008/07/01 07:00:15 $
+Author: Robin Hugh Johnson <robbat2@gentoo.org>
Status: Draft
Type: Informational
Content-Type: text/plain
Created: November 2005
-Updated: May 2006, October 2006, Novemeber 2007
+Updated: May 2006, October 2006, Novemeber 2007, June 2008
Post-History: ...
Abstract
@@ -236,7 +235,7 @@ summarizing the points of the previous t
track the various weaknesses.
http://marc.theaimsgroup.com/?l=gentoo-dev&m=108017986400698&w=2
-2004-May-31, Gentoo managers meeting, portage team reports that
+2004-05-31, Gentoo managers meeting, portage team reports that
FEATURES=sign is now available, but large questions still exist over
verification policies and procedures, as well as handing of keys.
[ http://www.gentoo.org/proj/en/devrel/manager-meetings/logs/2004/20040531.txt ]
@@ -264,8 +263,13 @@ outstanding issues, also mentioning part
comparision between the signing procedures used in Slackware, Debian and
RPM-based distros.
+2005-11-19, gentoo-portage-dev mailing list, "Manifest signing" - Robin
+H. Johnson (robbat2) follows up the previous -core posting, discussion
+implementation issues.
+[ http://thread.gmane.org/gmane.linux.gentoo.portage.devel/1401 ]
+
2006-05-18, gentoo-dev mailing list, "Signing everything, for fun and for
-profit" - Patrick Lauer (patrick). Later brings up that Manifest2 is needed for
+profit" - Patrick Lauer (bonsaikitten). Later brings up that Manifest2 is needed for
getting everything right.
[ http://thread.gmane.org/gmane.linux.gentoo.devel/38363 ]
@@ -277,11 +281,11 @@ signing, management of keys, and revocat
Thanks
======
-I'd like to thank Patrick Lauer (patrick) for prodding me to keep
-working on the tree-signing project, as well helping with spelling,
-grammar, research (esp. tracking down every possible vulnerability that
-has been mentioned in past discussions, and integrating them in this
-overview).
+I'd like to thank Patrick Lauer (bonsaikitten) for prodding me
+to keep working on the tree-signing project, as well helping with
+spelling, grammar, research (esp. tracking down every possible
+vulnerability that has been mentioned in past discussions, and
+integrating them in this overview).
Copyright
=========
--
gentoo-commits@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 7+ messages in thread
* [gentoo-commits] gentoo commit in users/robbat2/tree-signing-gleps: 00-proposal-overview
@ 2008-07-13 6:45 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 7+ messages in thread
From: Robin H. Johnson (robbat2) @ 2008-07-13 6:45 UTC (permalink / raw
To: gentoo-commits
robbat2 08/07/13 06:45:04
Modified: 00-proposal-overview
Log:
Add a TODO note for myself.
Revision Changes Path
1.10 users/robbat2/tree-signing-gleps/00-proposal-overview
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.10&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.10&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?r1=1.9&r2=1.10
Index: 00-proposal-overview
===================================================================
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview,v
retrieving revision 1.9
retrieving revision 1.10
diff -p -w -b -B -u -u -r1.9 -r1.10
--- 00-proposal-overview 13 Jul 2008 02:23:36 -0000 1.9
+++ 00-proposal-overview 13 Jul 2008 06:45:03 -0000 1.10
@@ -1,7 +1,11 @@
+TODO:
+- Add mention of signed HTTP snapshots from 01
+- Add replay attacks from Cappos et al.
+
GLEP: xx
Title: Security of distribution of Gentoo software - Overview
-Version: $Revision: 1.9 $
-Last-Modified: $Date: 2008/07/13 02:23:36 $
+Version: $Revision: 1.10 $
+Last-Modified: $Date: 2008/07/13 06:45:03 $
Author: Robin Hugh Johnson <robbat2@gentoo.org>
Status: Draft
Type: Informational
--
gentoo-commits@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 7+ messages in thread
* [gentoo-commits] gentoo commit in users/robbat2/tree-signing-gleps: 00-proposal-overview
@ 2008-10-09 21:33 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 7+ messages in thread
From: Robin H. Johnson (robbat2) @ 2008-10-09 21:33 UTC (permalink / raw
To: gentoo-commits
robbat2 08/10/09 21:33:53
Modified: 00-proposal-overview
Log:
Fix sentance structure, include reference to Cappos et al work and the existing signed HTTP snapshots.
Revision Changes Path
1.11 users/robbat2/tree-signing-gleps/00-proposal-overview
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.11&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.11&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?r1=1.10&r2=1.11
Index: 00-proposal-overview
===================================================================
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview,v
retrieving revision 1.10
retrieving revision 1.11
diff -p -w -b -B -u -u -r1.10 -r1.11
--- 00-proposal-overview 13 Jul 2008 06:45:03 -0000 1.10
+++ 00-proposal-overview 9 Oct 2008 21:33:53 -0000 1.11
@@ -1,11 +1,7 @@
-TODO:
-- Add mention of signed HTTP snapshots from 01
-- Add replay attacks from Cappos et al.
-
GLEP: xx
Title: Security of distribution of Gentoo software - Overview
-Version: $Revision: 1.10 $
-Last-Modified: $Date: 2008/07/13 06:45:03 $
+Version: $Revision: 1.11 $
+Last-Modified: $Date: 2008/10/09 21:33:53 $
Author: Robin Hugh Johnson <robbat2@gentoo.org>
Status: Draft
Type: Informational
@@ -96,8 +92,8 @@ are not maintained by Gentoo Infrastruct
Attacks may be conducted against any of these entities. Obviously
direct attacks against Upstream and Users are outside of the scope of
this series of GLEPs as they are not in any way controlled or
-controllable by Gentoo - however attacks using Gentoo as a conduit (such
-as adding a payload at a mirror) must be considered.
+controllable by Gentoo - however attacks using Gentoo as a conduit
+(including malicous mirrors) must be considered.
Processes
---------
@@ -141,6 +137,11 @@ by syncing from one of the community-pro
protection against this class of attacks is very easy to implement with
little added cost.
+At the level of mirrors, addition of malicious content is not the only
+attack. As discussed by Cappos et al [C08a,C08b], an attacker may use
+exclusion and replay attacks, possibly only on a specific subset of
+user to extend the window of opportunity on another exploit.
+
Security for Processes
------------------------
Protection for process #1 can never be complete (without major
@@ -165,7 +166,9 @@ objective is actually much closer than i
work has been completed for other things!. This is further discussed in
[GLEPxx+1]. As this process has the most to gain in security, and the
most immediate impact, it should be implemented before or at the same
-time as any changes to process #1.
+time as any changes to process #1. Security at this layer is already
+available in the signed daily snapshots, but we can extend it to cover
+the rsync mirrors as well.
Requirements pertaining to and management of keys (OpenPGP or otherwise)
is an issue that affects both processes, and is broken out into a
@@ -291,6 +294,17 @@ spelling, grammar, research (esp. tracki
vulnerability that has been mentioned in past discussions, and
integrating them in this overview).
+==========
+References
+==========
+
+[C08a] Cappos, J et al. (2008). "Package Management Security".
+ University of Arizona Technical Report TR08-02. Available online
+ from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf
+[C08b] Cappos, J et al. (2008). "Attacks on Package Managers"
+ Available online at:
+ http://www.cs.arizona.edu/people/justin/packagemanagersecurity/
+
Copyright
=========
Copyright (c) 2006 by Robin Hugh Johnson. This material may be
^ permalink raw reply [flat|nested] 7+ messages in thread
* [gentoo-commits] gentoo commit in users/robbat2/tree-signing-gleps: 00-proposal-overview
@ 2008-10-09 22:04 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 7+ messages in thread
From: Robin H. Johnson (robbat2) @ 2008-10-09 22:04 UTC (permalink / raw
To: gentoo-commits
robbat2 08/10/09 22:04:37
Modified: 00-proposal-overview
Log:
Add more recent history review.
Revision Changes Path
1.12 users/robbat2/tree-signing-gleps/00-proposal-overview
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.12&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.12&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?r1=1.11&r2=1.12
Index: 00-proposal-overview
===================================================================
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview,v
retrieving revision 1.11
retrieving revision 1.12
diff -p -w -b -B -u -u -r1.11 -r1.12
--- 00-proposal-overview 9 Oct 2008 21:33:53 -0000 1.11
+++ 00-proposal-overview 9 Oct 2008 22:04:37 -0000 1.12
@@ -1,7 +1,7 @@
GLEP: xx
Title: Security of distribution of Gentoo software - Overview
-Version: $Revision: 1.11 $
-Last-Modified: $Date: 2008/10/09 21:33:53 $
+Version: $Revision: 1.12 $
+Last-Modified: $Date: 2008/10/09 22:04:37 $
Author: Robin Hugh Johnson <robbat2@gentoo.org>
Status: Draft
Type: Informational
@@ -286,6 +286,37 @@ OpenPGP standard, with a focus on how it
signing, management of keys, and revocation.
[ http://thread.gmane.org/gmane.linux.gentoo.devel/38363/focus=38371 ]
+2007-04-11, gentoo-dev mailing list, "Re: *DEVELOPMENT* mail list,
+right?" - Robin H. Johnson (robbat2). A progress report on these very
+GLEPs.
+[ http://thread.gmane.org/gmane.linux.gentoo.devel/47752/focus=47908 ]
+
+2007-07-02, gentoo-dev mailing list, "Re: Re: Nominations open for the
+Gentoo Council 2007/08" - Robin H. Johnson (robbat2). Another progress
+report.
+[ http://thread.gmane.org/gmane.linux.gentoo.devel/50029/focus=50043 ]
+
+2007-11-30, portage-dev alias, "Manifest2 and Tree-signing" - Robin H.
+Johnson (robbat2). First review thread for these GLEPs, many suggestions
+from Marius Mauch (genone).
+
+2008-04-03, gentoo-dev mailing list, "Re: Monthly Gentoo Council
+Reminder for April" - Ciaran McCreesh (ciaranm). A thread in which
+Ciaran reminds everybody that simply making all the developers sign the
+tree is not sufficent to prevent all attacks.
+[ http://thread.gmane.org/gmane.linux.gentoo.devel/55508/focus=55542 ]
+
+2008-07-01, gentoo-portage-dev mailing list, "proto-GLEPS for
+Tree-signing" - Robin H. Johnson (robbat2). Thread looking for review
+input from Portage developers.
+[ http://thread.gmane.org/gmane.linux.gentoo.portage.devel/2686 ]
+
+2008-07-12, gentoo-portage-dev mailing list, "proto-GLEPS for
+Tree-signing, take 2" - Robin H. Johnson (robbat2). Integration of
+changes from previous review, and a prototype for the signing code.
+zmedico also posts a patch for a verification prototype.
+[ http://thread.gmane.org/gmane.linux.gentoo.portage.devel/2709 ]
+
Thanks
======
I'd like to thank Patrick Lauer (bonsaikitten) for prodding me
^ permalink raw reply [flat|nested] 7+ messages in thread
* [gentoo-commits] gentoo commit in users/robbat2/tree-signing-gleps: 00-proposal-overview
@ 2008-10-22 0:33 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 7+ messages in thread
From: Robin H. Johnson (robbat2) @ 2008-10-22 0:33 UTC (permalink / raw
To: gentoo-commits
robbat2 08/10/22 00:33:31
Modified: 00-proposal-overview
Log:
Fix RST for validation.
Revision Changes Path
1.14 users/robbat2/tree-signing-gleps/00-proposal-overview
file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.14&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?rev=1.14&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview?r1=1.13&r2=1.14
Index: 00-proposal-overview
===================================================================
RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/00-proposal-overview,v
retrieving revision 1.13
retrieving revision 1.14
diff -p -w -b -B -u -u -r1.13 -r1.14
--- 00-proposal-overview 9 Oct 2008 23:23:12 -0000 1.13
+++ 00-proposal-overview 22 Oct 2008 00:33:30 -0000 1.14
@@ -1,7 +1,7 @@
GLEP: xx
Title: Security of distribution of Gentoo software - Overview
-Version: $Revision: 1.13 $
-Last-Modified: $Date: 2008/10/09 23:23:12 $
+Version: $Revision: 1.14 $
+Last-Modified: $Date: 2008/10/22 00:33:30 $
Author: Robin Hugh Johnson <robbat2@gentoo.org>
Status: Draft
Type: Informational
@@ -325,7 +328,6 @@ spelling, grammar, research (esp. tracki
vulnerability that has been mentioned in past discussions, and
integrating them in this overview).
-==========
References
==========
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2008-10-22 0:33 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-11-28 0:25 [gentoo-commits] gentoo commit in users/robbat2/tree-signing-gleps: 00-proposal-overview Robin H. Johnson (robbat2)
-- strict thread matches above, loose matches on Subject: below --
2007-12-11 9:29 Robin H. Johnson (robbat2)
2008-07-01 7:00 Robin H. Johnson (robbat2)
2008-07-13 6:45 Robin H. Johnson (robbat2)
2008-10-09 21:33 Robin H. Johnson (robbat2)
2008-10-09 22:04 Robin H. Johnson (robbat2)
2008-10-22 0:33 Robin H. Johnson (robbat2)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox