# HG changeset patch # User Karl Berry # Date 1260636402 28800 # Node ID 29670982b798b21ec9e4aa150cc5142448b27cf1 # Parent eec126b290b09fa96ff7c86ceacf7492af7d435f autoupdate diff --git a/doc/maintain.texi b/doc/maintain.texi --- a/doc/maintain.texi +++ b/doc/maintain.texi @@ -5,7 +5,7 @@ @c For double-sided printing, uncomment: @c @setchapternewpage odd @c This date is automagically updated when you save this file: -@set lastupdate November 20, 2009 +@set lastupdate December 12, 2009 @c %**end of header @dircategory GNU organization @@ -1311,15 +1311,19 @@ @enumerate @item -The file to be distributed (for example, @file{foo.tar.gz}). +The file to be distributed; for example, @file{foo.tar.gz}. @item -Detached GPG binary signature for (1), made using @samp{gpg -b} -(for example, @file{foo.tar.gz.sig}). +Detached GPG binary signature file for (1); for example, +@file{foo.tar.gz.sig}. Make this with @samp{gpg -b foo.tar.gz}. + @item -A clearsigned @dfn{directive file}, made using @samp{gpg --clearsign} -(for example, @file{foo.tar.gz.directive.asc}). +A clearsigned @dfn{directive file}; for example, +@file{foo.tar.gz.directive.asc}. Make this by preparing the plain +text file @file{foo.tar.gz.directive} and then run @samp{gpg +--clearsign foo.tar.gz.directive}. @xref{FTP Upload Directive File - +v1.1}, for the contents of the directive file. @end enumerate The names of the files are important. The signature file must have the @@ -1351,8 +1355,8 @@ package. You also receive a message when your upload has been successfully processed. -One relatively easy way to create and transfer the necessary files is -to use the @code{gnupload} script, which is available from the +One automated way to create and transfer the necessary files is to use +the @code{gnupload} script, which is available from the @file{build-aux/} directory of the @code{gnulib} project at @url{http://savannah.gnu.org/projects/gnulib}. @code{gnupload} can also remove uploaded files. Run @code{gnupload --help} for a @@ -1361,10 +1365,10 @@ @code{gnupload} uses the @code{ncftpput} program to do the actual transfers; if you don't happen to have the @code{ncftp} package installed, the @code{ncftpput-ftp} script in the @file{build-aux/} -directory of @code{gnulib}. serves as a replacement which uses plain +directory of @code{gnulib} serves as a replacement which uses plain command line @code{ftp}. -If you have difficulties processing an upload, email +If you have difficulties with an upload, email @email{ftp-upload@@gnu.org}. diff --git a/doc/standards.texi b/doc/standards.texi --- a/doc/standards.texi +++ b/doc/standards.texi @@ -3,7 +3,7 @@ @setfilename standards.info @settitle GNU Coding Standards @c This date is automagically updated when you save this file: -@set lastupdate November 20, 2009 +@set lastupdate December 11, 2009 @c %**end of header @dircategory GNU organization @@ -4064,13 +4064,13 @@ distribution. So if you do distribute non-source files, always make sure they are up to date when you make a new distribution. -Make sure that the directory into which the distribution unpacks (as -well as any subdirectories) are all world-writable (octal mode 777). -This is so that old versions of @code{tar} which preserve the -ownership and permissions of the files from the tar archive will be -able to extract all the files even if the user is unprivileged. - -Make sure that all the files in the distribution are world-readable. +Make sure that all the files in the distribution are world-readable, and +that directories are world-readable and world-searchable (octal mode 755). +We used to recommend that all directories in the distribution also be +world-writable (octal mode 777), because ancient versions of @code{tar} +would otherwise not cope when extracting the archive as an unprivileged +user. That can easily lead to security issues when creating the archive, +however, so now we recommend against that. Don't include any symbolic links in the distribution itself. If the tar file contains symbolic links, then people cannot even unpack it on