1. Forum
  2. Usenet
  3. LINUX.GENTOO.DEV

  • [gentoo-dev] Initial review: registration for text/vnd.gentoo.manifest

    From =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?=@21:1/5 to All on Wed Sep 7 16:20:04 2022
    Hi,

    I'd like to give it a shot and try to register a media type for GLEP 74 Manifest files. I've specifically chosen this type because it's
    relatively simple and well-specified. I'd like to request your feedback
    on the registration form, then ask Council for approving it and then
    send it to IANA media-types ml for feedback.


    ```
    Type name: text

    Subtype name: vnd.gentoo.manifest

    Required parameters:

    charset - always "UTF-8"


    Optional parameters:

    none


    Encoding considerations:

    8-bit text

    always encoded as UTF-8, the format technically permits encoding all
    Unicode characters as 7-bit escape codes


    Security considerations:

    The Manifest files are text files that are transmitted as part of larger
    file sets in order to provide integrity and authenticity verification
    for other files. They are primarily intended to be processed locally
    to verify transferred files.

    The format does not provide support for executable content. It does
    provide support for specifying arbitrary filenames to verify. Symbolic
    links are followed when opening files. The tools are explicitly
    required to be secured against attempting to read non-regular files.
    No other dangers were identified from the ability to verify arbitrary
    file checksums locally (GLEP 74 § 3.3).

    The initial Manifest file to be processed must not be compressed.
    It can contain an inline OpenPGP signature to provide authenticity verification. Every Manifest file can reference subsequent Manifest
    files to be processed. Subsequent Manifest files can be compressed.
    The tools are required to verify the integrity (and authenticity,
    if provided) of subsequent Manifest files prior to decompressing them
    (GLEP 74 § 3.2 / 3.12).

    The Manifest files have no special privacy considerations. The same
    privacy considerations as for the files covered by the Manifest apply.


    Interoperability considerations:

    The format is using UTF-8 encoding for best interoperability. Platforms
    using non-UTF-8 filesystem encoding need to be able to recode filenames
    to UTF-8. The format does not provide support for using raw filenames
    with unknown encoding.

    The format does not specify newline encoding. The implementations need
    to be able to support different platform newline conventions for
    portability.

    The format specifies the use of forward slash as a directory separator. Platforms using a different character need to convert paths
    appropriately.


    Published specification:

    GLEP 74: Full-tree verification using Manifest files https://www.gentoo.org/glep/glep-0074.html


    Applications that use this media type:

    The reference implementation for the format is provided by the gemato
    tool [1]. A subset of the format is also directly supported by Gentoo
    package managers, e.g. Portage [2] and pkgcore [3]. This list is not exhaustive.

    [1] https://github.com/projg2/gemato
    [2] https://wiki.gentoo.org/wiki/Project:Portage
    [3] https://github.com/pkgcore/pkgcore


    Fragment identifier considerations:

    None.


    Additional information:

    Deprecated alias names for this type: none
    Magic number(s): none
    File extension(s): none, the file is commonly named "Manifest"
    Macintosh file type code(s): none

    Person & email address to contact for further information:

    Michał Górny <mgorny@gentoo.org>


    Intended usage: COMMON

    Restrictions on usage:

    None.


    Author: Michał Górny <mgorny@gentoo.org>

    Change controller: Gentoo Council <council@gentoo.org>

    Provisional registration? (standards tree only): no
    ```

    --
    Best regards,
    Michał Górny

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)