@c For double-sided printing, uncomment:
@c @setchapternewpage odd
@c This date is automagically updated when you save this file:
-@set lastupdate November 20, 2009
+@set lastupdate December 12, 2009
@c %**end of header
@dircategory GNU organization
@enumerate
@item
-The file to be distributed (for example, @file{foo.tar.gz}).
+The file to be distributed; for example, @file{foo.tar.gz}.
@item
-Detached GPG binary signature for (1), made using @samp{gpg -b}
-(for example, @file{foo.tar.gz.sig}).
+Detached GPG binary signature file for (1); for example,
+@file{foo.tar.gz.sig}. Make this with @samp{gpg -b foo.tar.gz}.
+
@item
-A clearsigned @dfn{directive file}, made using @samp{gpg --clearsign}
-(for example, @file{foo.tar.gz.directive.asc}).
+A clearsigned @dfn{directive file}; for example,
+@file{foo.tar.gz.directive.asc}. Make this by preparing the plain
+text file @file{foo.tar.gz.directive} and then run @samp{gpg
+--clearsign foo.tar.gz.directive}. @xref{FTP Upload Directive File -
+v1.1}, for the contents of the directive file.
@end enumerate
The names of the files are important. The signature file must have the
package. You also receive a message when your upload has been successfully
processed.
-One relatively easy way to create and transfer the necessary files is
-to use the @code{gnupload} script, which is available from the
+One automated way to create and transfer the necessary files is to use
+the @code{gnupload} script, which is available from the
@file{build-aux/} directory of the @code{gnulib} project at
@url{http://savannah.gnu.org/projects/gnulib}. @code{gnupload} can
also remove uploaded files. Run @code{gnupload --help} for a
@code{gnupload} uses the @code{ncftpput} program to do the actual
transfers; if you don't happen to have the @code{ncftp} package
installed, the @code{ncftpput-ftp} script in the @file{build-aux/}
-directory of @code{gnulib}. serves as a replacement which uses plain
+directory of @code{gnulib} serves as a replacement which uses plain
command line @code{ftp}.
-If you have difficulties processing an upload, email
+If you have difficulties with an upload, email
@email{ftp-upload@@gnu.org}.
@setfilename standards.info
@settitle GNU Coding Standards
@c This date is automagically updated when you save this file:
-@set lastupdate November 20, 2009
+@set lastupdate December 11, 2009
@c %**end of header
@dircategory GNU organization
distribution. So if you do distribute non-source files, always make
sure they are up to date when you make a new distribution.
-Make sure that the directory into which the distribution unpacks (as
-well as any subdirectories) are all world-writable (octal mode 777).
-This is so that old versions of @code{tar} which preserve the
-ownership and permissions of the files from the tar archive will be
-able to extract all the files even if the user is unprivileged.
-
-Make sure that all the files in the distribution are world-readable.
+Make sure that all the files in the distribution are world-readable, and
+that directories are world-readable and world-searchable (octal mode 755).
+We used to recommend that all directories in the distribution also be
+world-writable (octal mode 777), because ancient versions of @code{tar}
+would otherwise not cope when extracting the archive as an unprivileged
+user. That can easily lead to security issues when creating the archive,
+however, so now we recommend against that.
Don't include any symbolic links in the distribution itself. If the tar
file contains symbolic links, then people cannot even unpack it on
projects / gnulib.git / commitdiff