From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 75CAC1396D9 for ; Fri, 27 Oct 2017 21:48:20 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5A8D0E0C0D; Fri, 27 Oct 2017 21:48:14 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 0A6B1E0C01 for ; Fri, 27 Oct 2017 21:48:14 +0000 (UTC) Received: from pc1 (unknown [IPv6:2001:2012:127:3e00:b3bf:56a1:a140:6086]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: hanno) by smtp.gentoo.org (Postfix) with ESMTPSA id 07E0033BEA7 for ; Fri, 27 Oct 2017 21:48:11 +0000 (UTC) Date: Fri, 27 Oct 2017 23:48:04 +0200 From: Hanno =?UTF-8?B?QsO2Y2s=?= To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] [RFC] GLEP 74: Full-tree verification using Manifest files Message-ID: <20171027234804.535f6e13@pc1> In-Reply-To: <1509048745.18656.6.camel@gentoo.org> References: <1509048745.18656.6.camel@gentoo.org> X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.31; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 770184a1-6eaa-4fee-bbd1-9d2bf6da5db0 X-Archives-Hash: 835413ec0e201bba8e4b9fc7ae1294f9 Hi, On Thu, 26 Oct 2017 22:12:25 +0200 Micha=C5=82 G=C3=B3rny wrote: > After a week of hard work, I'd like to request your comments > on the draft of GLEP 74. This GLEP aims to replace the old > tree-signing GLEPs 58 and 60 with a superior implementation and more > complete specification. Thanks for working on this, it's really one of the biggest security issues Gentoo has these days that need to be fixed. I hope I'll find time to read it in detail, but by skimming through it I noted that the downgrade attack prevention is kinda not very clear. It says in the timestamp section "The package manager can use it to detect an outdated repository checkout." But it doesn't say how exactly. Should a package manager reject a sync if it is too old? or not install packages if a sync hasn't happened for some time? What is considered "outdated"? I think that should be clarified how exactly it's supposed to work. --=20 Hanno B=C3=B6ck https://hboeck.de/ mail/jabber: hanno@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42