--- a/doc/maintain.texi
+++ b/doc/maintain.texi
@@ -5,7 +5,7 @@
 @c For double-sided printing, uncomment:
 @c @setchapternewpage odd
 @c This date is automagically updated when you save this file:
-@set lastupdate November 20, 2009
+@set lastupdate December 12, 2009
 @c %**end of header
 
 @dircategory GNU organization
@@ -1311,15 +1311,19 @@
 
 @enumerate
 @item
-The file to be distributed (for example, @file{foo.tar.gz}).
+The file to be distributed; for example, @file{foo.tar.gz}.
 
 @item
-Detached GPG binary signature for (1), made using @samp{gpg -b}
-(for example, @file{foo.tar.gz.sig}).
+Detached GPG binary signature file for (1); for example,
+@file{foo.tar.gz.sig}.  Make this with @samp{gpg -b foo.tar.gz}.
+
 
 @item
-A clearsigned @dfn{directive file}, made using @samp{gpg --clearsign}
-(for example, @file{foo.tar.gz.directive.asc}).
+A clearsigned @dfn{directive file}; for example,
+@file{foo.tar.gz.directive.asc}.  Make this by preparing the plain
+text file @file{foo.tar.gz.directive} and then run @samp{gpg
+--clearsign foo.tar.gz.directive}.  @xref{FTP Upload Directive File -
+v1.1}, for the contents of the directive file.
 @end enumerate
 
 The names of the files are important. The signature file must have the
@@ -1351,8 +1355,8 @@
 package. You also receive a message when your upload has been successfully
 processed.
 
-One relatively easy way to create and transfer the necessary files is
-to use the @code{gnupload} script, which is available from the
+One automated way to create and transfer the necessary files is to use
+the @code{gnupload} script, which is available from the
 @file{build-aux/} directory of the @code{gnulib} project at
 @url{http://savannah.gnu.org/projects/gnulib}.  @code{gnupload} can
 also remove uploaded files.  Run @code{gnupload --help} for a
@@ -1361,10 +1365,10 @@
 @code{gnupload} uses the @code{ncftpput} program to do the actual
 transfers; if you don't happen to have the @code{ncftp} package
 installed, the @code{ncftpput-ftp} script in the @file{build-aux/}
-directory of @code{gnulib}.  serves as a replacement which uses plain
+directory of @code{gnulib} serves as a replacement which uses plain
 command line @code{ftp}.
 
-If you have difficulties processing an upload, email
+If you have difficulties with an upload, email
 @email{ftp-upload@@gnu.org}.
 
 

--- a/doc/standards.texi
+++ b/doc/standards.texi
@@ -3,7 +3,7 @@
 @setfilename standards.info
 @settitle GNU Coding Standards
 @c This date is automagically updated when you save this file:
-@set lastupdate November 20, 2009
+@set lastupdate December 11, 2009
 @c %**end of header
 
 @dircategory GNU organization
@@ -4064,13 +4064,13 @@
 distribution.  So if you do distribute non-source files, always make
 sure they are up to date when you make a new distribution.
 
-Make sure that the directory into which the distribution unpacks (as
-well as any subdirectories) are all world-writable (octal mode 777).
-This is so that old versions of @code{tar} which preserve the
-ownership and permissions of the files from the tar archive will be
-able to extract all the files even if the user is unprivileged.
-
-Make sure that all the files in the distribution are world-readable.
+Make sure that all the files in the distribution are world-readable, and
+that directories are world-readable and world-searchable (octal mode 755).
+We used to recommend that all directories in the distribution also be
+world-writable (octal mode 777), because ancient versions of @code{tar}
+would otherwise not cope when extracting the archive as an unprivileged
+user.  That can easily lead to security issues when creating the archive,
+however, so now we recommend against that.
 
 Don't include any symbolic links in the distribution itself.  If the tar
 file contains symbolic links, then people cannot even unpack it on