* Call for volunteer(s) for Guix "security" web page @ 2016-09-16 16:14 Leo Famulari 2016-09-22 10:04 ` ng0 2016-09-25 22:52 ` Leo Famulari 0 siblings, 2 replies; 12+ messages in thread From: Leo Famulari @ 2016-09-16 16:14 UTC (permalink / raw) To: guix-devel [-- Attachment #1: Type: text/plain, Size: 1276 bytes --] Hello! GNU Guix should make it easier for bug reporters to contact us to report issues in Guix and Guix packages. So, we'd like to add a short "Security" page to our web site [0]. This page should: 1) Explain how to contact us privately about security issues [1], 2) Describe the Guix release signing key [2], 3) And include a link to the security updates section of the manual [3]. The page should be clear and concise. The main objectives are to make it easy for bug reporters to learn how to contact us, and to make it easy for anyone to know which key is used to sign our downloads. Does anyone volunteer to make this page? I like this example, although it does some things we don't plan to do at this time, such as provide a key for securely contacting the project, and explain how to use GnuPG: https://syncthing.net/security.html [0] Our web site is maintained in guix-artwork.git: git://git.savannah.gnu.org/guix/guix-artwork.git [1] Private communication should go to <guix-security@gnu.org> https://lists.gnu.org/mailman/listinfo/guix-security [2] The key should be described by the key fingerprint. https://www.gnu.org/software/guix/manual/html_node/Binary-Installation.html [3] https://www.gnu.org/software/guix/manual/html_node/Security-Updates.html [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Call for volunteer(s) for Guix "security" web page 2016-09-16 16:14 Call for volunteer(s) for Guix "security" web page Leo Famulari @ 2016-09-22 10:04 ` ng0 2016-09-27 18:04 ` Leo Famulari 2016-09-25 22:52 ` Leo Famulari 1 sibling, 1 reply; 12+ messages in thread From: ng0 @ 2016-09-22 10:04 UTC (permalink / raw) To: Leo Famulari, guix-devel Hi, I think this is a good idea, thanks for bringing this up. Leo Famulari <leo@famulari.name> writes: > Hello! > > GNU Guix should make it easier for bug reporters to contact us to report > issues in Guix and Guix packages. > > So, we'd like to add a short "Security" page to our web site [0]. This > page should: I think we (you?) should post this (not cross post / CC) to other lists as well, to gain some more attraction. > 1) Explain how to contact us privately about security issues [1], > > 2) Describe the Guix release signing key [2], > > 3) And include a link to the security updates section of the manual [3]. > > The page should be clear and concise. The main objectives are to make it > easy for bug reporters to learn how to contact us, and to make it easy > for anyone to know which key is used to sign our downloads. In my opinion this could be extended later by something similar to https://security.gentoo.org/ and its subpages. As we don't have much on that topic currently, we can't write about it. If this would be too much for the website, an inclusion in the manual of which security measurements a vanilla Guix offers would be good. One example: I stumbled upon our /dev/mem configuration only when I wanted to use flashrom for internal flashing. This is not documented anywhere. > Does anyone volunteer to make this page? > > I like this example, although it does some things we don't plan to do at > this time, such as provide a key for securely contacting the project, > and explain how to use GnuPG: > > https://syncthing.net/security.html > > [0] Our web site is maintained in guix-artwork.git: > git://git.savannah.gnu.org/guix/guix-artwork.git > > [1] Private communication should go to <guix-security@gnu.org> > https://lists.gnu.org/mailman/listinfo/guix-security > > [2] The key should be described by the key fingerprint. > https://www.gnu.org/software/guix/manual/html_node/Binary-Installation.html > > [3] > https://www.gnu.org/software/guix/manual/html_node/Security-Updates.html -- ng0 ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Call for volunteer(s) for Guix "security" web page 2016-09-22 10:04 ` ng0 @ 2016-09-27 18:04 ` Leo Famulari 0 siblings, 0 replies; 12+ messages in thread From: Leo Famulari @ 2016-09-27 18:04 UTC (permalink / raw) To: ng0; +Cc: guix-devel On Thu, Sep 22, 2016 at 10:04:37AM +0000, ng0 wrote: > In my opinion this could be extended later by something similar to > https://security.gentoo.org/ and its subpages. > As we don't have much on that topic currently, we can't write about > it. If this would be too much for the website, an inclusion in the > manual of which security measurements a vanilla Guix offers would be > good. > One example: I stumbled upon our /dev/mem configuration only when I > wanted to use flashrom for internal flashing. This is not documented > anywhere. It's a good idea, but of course somebody needs to actually do the work :) My primary goal for this page right now is to make it easy to for anyone to learn how to contact us about security issues. I'm hoping this page is the first result on DuckDuckGo and Google for "guix security". ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Call for volunteer(s) for Guix "security" web page 2016-09-16 16:14 Call for volunteer(s) for Guix "security" web page Leo Famulari 2016-09-22 10:04 ` ng0 @ 2016-09-25 22:52 ` Leo Famulari 2016-09-27 8:58 ` Ludovic Courtès 1 sibling, 1 reply; 12+ messages in thread From: Leo Famulari @ 2016-09-25 22:52 UTC (permalink / raw) To: guix-devel [-- Attachment #1.1: Type: text/plain, Size: 787 bytes --] On Fri, Sep 16, 2016 at 12:14:58PM -0400, Leo Famulari wrote: > Hello! > > GNU Guix should make it easier for bug reporters to contact us to report > issues in Guix and Guix packages. > > So, we'd like to add a short "Security" page to our web site [0]. This > page should: > > 1) Explain how to contact us privately about security issues [1], > > 2) Describe the Guix release signing key [2], > > 3) And include a link to the security updates section of the manual [3]. I've attached my first draft of this page. This patch is for guix-artwork.git. Please give me your feedback. I'm specifically unsure of what to say about the signing key. Should we recommend that users get it from a certain place? Should we provide the public key itself on this page? [-- Attachment #1.2: 0001-www-security-New-page.patch --] [-- Type: text/plain, Size: 4510 bytes --] From 30699a5a8de5ac09c6fbba93be6b88a1d77bc039 Mon Sep 17 00:00:00 2001 From: Leo Famulari <leo@famulari.name> Date: Sun, 25 Sep 2016 18:43:28 -0400 Subject: [PATCH] www: security: New page. * website/www/security.scm: New file. * website/www.scm (%web-pages): Add security-page. * website/www/shared.scm (html-page-links): Add "Security". --- website/www.scm | 2 ++ website/www/security.scm | 49 ++++++++++++++++++++++++++++++++++++++++++++++++ website/www/shared.scm | 1 + 3 files changed, 52 insertions(+) create mode 100644 website/www/security.scm diff --git a/website/www.scm b/website/www.scm index f0465eb..244830b 100644 --- a/website/www.scm +++ b/website/www.scm @@ -28,6 +28,7 @@ #:use-module (www about) #:use-module (www contribute) #:use-module (www help) + #:use-module (www security) #:use-module (sxml simple) #:use-module (sxml match) #:use-module (web client) @@ -335,6 +336,7 @@ Distribution.") ("donate/index.html" ,donate-page) ("download/index.html" ,download-page) ("help/index.html" ,help-page) + ("security/index.html" ,security-page) ;; ("packages/index.html" ,packages-page) ; Need Guix ;; ("packages/issues.html" ,issues-page) )) diff --git a/website/www/security.scm b/website/www/security.scm new file mode 100644 index 0000000..09e9748 --- /dev/null +++ b/website/www/security.scm @@ -0,0 +1,49 @@ +;;; GuixSD website --- GNU's advanced distro website +;;; Copyright © 2016 Leo Famulari <leo@famulari.name> +;;; +;;; This file is part of GuixSD website. +;;; +;;; GuixSD website is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU Affero General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GuixSD website is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU Affero General Public License for more details. +;;; +;;; You should have received a copy of the GNU Affero General Public License +;;; along with GuixSD website. If not, see <http://www.gnu.org/licenses/>. + +(define-module (www security) + #:use-module (www utils) + #:use-module (www shared) + #:export (security-page)) + +(define (security-page) + `(html (@ (lang "en")) + ,(html-page-header "Security") + ,(html-page-links) + (div (@ (id "content-box")) + (article + (h1 "Security") + (h2 "How to report security issues") + (p "To report sensitive security issues in Guix itself or the packages it " + "provides, you can write to the private mailing list " + (a (@ (href "https://lists.gnu.org/mailman/listinfo/guix-security")) + ("guix-security@gnu.org")) + ". This list is monitored by a small team of Guix " + "developers.") + (h2 "Release signatures") + (p "Releases of Guix and GuixSD are signed using the OpenPGP " + "key with the fingerprint " + "3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5. " + "This key can be obtained from XXX.") + (h2 "Security updates") + (p "When security vulnerabilities are found in Guix or the " + "packages provided by Guix, we will provide " + (a (@ (href ,(base-url "manual/html_node/Security-Updates.html"))) + "security updates") + " quickly and with minimal disruption for users.") + ,(html-page-footer))))) diff --git a/website/www/shared.scm b/website/www/shared.scm index ed864ef..04be0f4 100644 --- a/website/www/shared.scm +++ b/website/www/shared.scm @@ -88,6 +88,7 @@ Functional package management,"))) ;; Note: valid only if `packages-page' is exported. (li (a (@ (href ,(base-url "packages"))) "Packages")) (li (a (@ (href ,(base-url "help"))) "Help")) + (li (a (@ (href ,(base-url "security"))) "Security")) (li (a (@ (href ,(base-url "contribute"))) "Contribute")) (li (a (@ (href ,(base-url "donate"))) "Donate")) (li (a (@ (href ,(base-url "about"))) "About"))))) -- 2.10.0 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: Call for volunteer(s) for Guix "security" web page 2016-09-25 22:52 ` Leo Famulari @ 2016-09-27 8:58 ` Ludovic Courtès 2016-09-27 18:16 ` Leo Famulari 2016-09-27 18:26 ` Leo Famulari 0 siblings, 2 replies; 12+ messages in thread From: Ludovic Courtès @ 2016-09-27 8:58 UTC (permalink / raw) To: Leo Famulari; +Cc: guix-devel Hi Leo, Thanks a lot both for sending the call and replying to it! :-) > From 30699a5a8de5ac09c6fbba93be6b88a1d77bc039 Mon Sep 17 00:00:00 2001 > From: Leo Famulari <leo@famulari.name> > Date: Sun, 25 Sep 2016 18:43:28 -0400 > Subject: [PATCH] www: security: New page. > > * website/www/security.scm: New file. > * website/www.scm (%web-pages): Add security-page. > * website/www/shared.scm (html-page-links): Add "Security". [...] > + (h2 "How to report security issues") > + (p "To report sensitive security issues in Guix itself or the packages it " > + "provides, you can write to the private mailing list " > + (a (@ (href "https://lists.gnu.org/mailman/listinfo/guix-security")) > + ("guix-security@gnu.org")) > + ". This list is monitored by a small team of Guix " > + "developers.") > + (h2 "Release signatures") > + (p "Releases of Guix and GuixSD are signed using the OpenPGP " > + "key with the fingerprint " > + "3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5. " > + "This key can be obtained from XXX.") Maybe link to <https://www.gnu.org/software/guix/manual/html_node/Binary-Installation.html> or copy/paste the text? Though we should give a ‘gpg --recv-keys’ command that uses the full fingerprint instead of just the 64-bit ID (which is still too small, some say.) > + (h2 "Security updates") > + (p "When security vulnerabilities are found in Guix or the " > + "packages provided by Guix, we will provide " > + (a (@ (href ,(base-url "manual/html_node/Security-Updates.html"))) > + "security updates") > + " quickly and with minimal disruption for users.") Maybe also that Guix is a “rolling release”, so there’s currently no separate security-fix branch and all critical fixes go to master? I guess you can already commit that! I wonder if it would make sense to add a note on reproducible builds, ‘guix challenge’ and all that; later maybe! Note that you’ll then need to commit the resulting HTML to CVS(!) to that the update pages show up, as per the instructions available on the Savannah project page. If you’re unsure or anything, I can do that. Thank you! Ludo’. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Call for volunteer(s) for Guix "security" web page 2016-09-27 8:58 ` Ludovic Courtès @ 2016-09-27 18:16 ` Leo Famulari 2016-09-28 21:08 ` Ludovic Courtès 2016-09-27 18:26 ` Leo Famulari 1 sibling, 1 reply; 12+ messages in thread From: Leo Famulari @ 2016-09-27 18:16 UTC (permalink / raw) To: Ludovic Courtès; +Cc: guix-devel [-- Attachment #1.1: Type: text/plain, Size: 805 bytes --] On Tue, Sep 27, 2016 at 10:58:09AM +0200, Ludovic Courtès wrote: > > + (h2 "Release signatures") > > + (p "Releases of Guix and GuixSD are signed using the OpenPGP " > > + "key with the fingerprint " > > + "3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5. " > > + "This key can be obtained from XXX.") > > Maybe link to > <https://www.gnu.org/software/guix/manual/html_node/Binary-Installation.html> > or copy/paste the text? Though we should give a ‘gpg --recv-keys’ > command that uses the full fingerprint instead of just the 64-bit ID > (which is still too small, some say.) Here's a patch that uses the fingerprint in guix.texi. What do you think? Also, please verify that I've got it right :) [-- Attachment #1.2: 0001-doc-Give-the-full-key-fingerprint-instead-of-the-lon.patch --] [-- Type: text/plain, Size: 847 bytes --] From 64b1df0a9565154ac2a1bd5289a13572b00bb5e0 Mon Sep 17 00:00:00 2001 From: Leo Famulari <leo@famulari.name> Date: Tue, 27 Sep 2016 14:12:02 -0400 Subject: [PATCH] doc: Give the full key fingerprint instead of the long key ID. * doc/guix.texi (OPENPGP-SIGNING-KEY-ID): Use fingerprint instead of long key ID. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index c159e12..239428a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -10,7 +10,7 @@ @include version.texi @c Identifier of the OpenPGP key used to sign tarballs and such. -@set OPENPGP-SIGNING-KEY-ID 090B11993D9AEBB5 +@set OPENPGP-SIGNING-KEY-ID 3CE464558A84FDC69DB40CFB090B11993D9AEBB5 @copying Copyright @copyright{} 2012, 2013, 2014, 2015, 2016 Ludovic Courtès@* -- 2.10.0 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: Call for volunteer(s) for Guix "security" web page 2016-09-27 18:16 ` Leo Famulari @ 2016-09-28 21:08 ` Ludovic Courtès 0 siblings, 0 replies; 12+ messages in thread From: Ludovic Courtès @ 2016-09-28 21:08 UTC (permalink / raw) To: Leo Famulari; +Cc: guix-devel Leo Famulari <leo@famulari.name> skribis: > From 64b1df0a9565154ac2a1bd5289a13572b00bb5e0 Mon Sep 17 00:00:00 2001 > From: Leo Famulari <leo@famulari.name> > Date: Tue, 27 Sep 2016 14:12:02 -0400 > Subject: [PATCH] doc: Give the full key fingerprint instead of the long key > ID. > > * doc/guix.texi (OPENPGP-SIGNING-KEY-ID): Use fingerprint instead of > long key ID. OK, thanks! Ludo'. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Call for volunteer(s) for Guix "security" web page 2016-09-27 8:58 ` Ludovic Courtès 2016-09-27 18:16 ` Leo Famulari @ 2016-09-27 18:26 ` Leo Famulari 2016-09-28 21:07 ` Ludovic Courtès 2016-09-29 15:04 ` Leo Famulari 1 sibling, 2 replies; 12+ messages in thread From: Leo Famulari @ 2016-09-27 18:26 UTC (permalink / raw) To: Ludovic Courtès; +Cc: guix-devel [-- Attachment #1.1: Type: text/plain, Size: 1746 bytes --] On Tue, Sep 27, 2016 at 10:58:09AM +0200, Ludovic Courtès wrote: > > + (h2 "Release signatures") > > + (p "Releases of Guix and GuixSD are signed using the OpenPGP " > > + "key with the fingerprint " > > + "3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5. " > > + "This key can be obtained from XXX.") > > Maybe link to > <https://www.gnu.org/software/guix/manual/html_node/Binary-Installation.html> > or copy/paste the text? Though we should give a ‘gpg --recv-keys’ > command that uses the full fingerprint instead of just the 64-bit ID > (which is still too small, some say.) > > > + (h2 "Security updates") > > + (p "When security vulnerabilities are found in Guix or the " > > + "packages provided by Guix, we will provide " > > + (a (@ (href ,(base-url "manual/html_node/Security-Updates.html"))) > > + "security updates") > > + " quickly and with minimal disruption for users.") > > Maybe also that Guix is a “rolling release”, so there’s currently no > separate security-fix branch and all critical fixes go to master? I tried to implement these suggestion in the attached patch. > I wonder if it would make sense to add a note on reproducible builds, > ‘guix challenge’ and all that; later maybe! Yes, later. Volunteers still welcome :) > Note that you’ll then need to commit the resulting HTML to CVS(!) to > that the update pages show up, as per the instructions available on the > Savannah project page. If you’re unsure or anything, I can do that. I'll try it if this new patch is okay. [-- Attachment #1.2: 0001-www-security-New-page.patch --] [-- Type: text/plain, Size: 4926 bytes --] From eeff071ec9fbe527a97e2c7487e79e4b843916a1 Mon Sep 17 00:00:00 2001 From: Leo Famulari <leo@famulari.name> Date: Sun, 25 Sep 2016 18:43:28 -0400 Subject: [PATCH] www: security: New page. * website/www/security.scm: New file. * website/www.scm (%web-pages): Add security-page. * website/www/shared.scm (html-page-links): Add "Security". --- website/www.scm | 2 ++ website/www/security.scm | 55 ++++++++++++++++++++++++++++++++++++++++++++++++ website/www/shared.scm | 1 + 3 files changed, 58 insertions(+) create mode 100644 website/www/security.scm diff --git a/website/www.scm b/website/www.scm index f0465eb..244830b 100644 --- a/website/www.scm +++ b/website/www.scm @@ -28,6 +28,7 @@ #:use-module (www about) #:use-module (www contribute) #:use-module (www help) + #:use-module (www security) #:use-module (sxml simple) #:use-module (sxml match) #:use-module (web client) @@ -335,6 +336,7 @@ Distribution.") ("donate/index.html" ,donate-page) ("download/index.html" ,download-page) ("help/index.html" ,help-page) + ("security/index.html" ,security-page) ;; ("packages/index.html" ,packages-page) ; Need Guix ;; ("packages/issues.html" ,issues-page) )) diff --git a/website/www/security.scm b/website/www/security.scm new file mode 100644 index 0000000..efe8315 --- /dev/null +++ b/website/www/security.scm @@ -0,0 +1,55 @@ +;;; GuixSD website --- GNU's advanced distro website +;;; Copyright © 2016 Leo Famulari <leo@famulari.name> +;;; +;;; This file is part of GuixSD website. +;;; +;;; GuixSD website is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU Affero General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GuixSD website is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU Affero General Public License for more details. +;;; +;;; You should have received a copy of the GNU Affero General Public License +;;; along with GuixSD website. If not, see <http://www.gnu.org/licenses/>. + +(define-module (www security) + #:use-module (www utils) + #:use-module (www shared) + #:export (security-page)) + +(define (security-page) + `(html (@ (lang "en")) + ,(html-page-header "Security") + ,(html-page-links) + (div (@ (id "content-box")) + (article + (h1 "Security") + (h2 "How to report security issues") + (p "To report sensitive security issues in Guix itself or the packages it " + "provides, you can write to the private mailing list " + (a (@ (href "https://lists.gnu.org/mailman/listinfo/guix-security")) + ("guix-security@gnu.org")) + ". This list is monitored by a small team of Guix " + "developers.") + (h2 "Release signatures") + (p "Releases of Guix and GuixSD are signed using the OpenPGP " + "key with the fingerprint " + "3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5. " + "Users should " + (a (@ (href ,(base-url "manual/html_node/Binary-Installation.html"))) + "verify") + " their downloads before extracting or running them.") + (h2 "Security updates") + (p "When security vulnerabilities are found in Guix or the " + "packages provided by Guix, we will provide " + (a (@ (href ,(base-url "manual/html_node/Security-Updates.html"))) + "security updates") + " quickly and with minimal disruption for users.") + (p "Guix uses a \"rolling release\" model. All security " + "bug-fixes are pushed directly to the master branch. There" + " is no \"stable\" branch that only receives security fixes.") + ,(html-page-footer))))) diff --git a/website/www/shared.scm b/website/www/shared.scm index ed864ef..04be0f4 100644 --- a/website/www/shared.scm +++ b/website/www/shared.scm @@ -88,6 +88,7 @@ Functional package management,"))) ;; Note: valid only if `packages-page' is exported. (li (a (@ (href ,(base-url "packages"))) "Packages")) (li (a (@ (href ,(base-url "help"))) "Help")) + (li (a (@ (href ,(base-url "security"))) "Security")) (li (a (@ (href ,(base-url "contribute"))) "Contribute")) (li (a (@ (href ,(base-url "donate"))) "Donate")) (li (a (@ (href ,(base-url "about"))) "About"))))) -- 2.10.0 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: Call for volunteer(s) for Guix "security" web page 2016-09-27 18:26 ` Leo Famulari @ 2016-09-28 21:07 ` Ludovic Courtès 2016-09-29 15:04 ` Leo Famulari 1 sibling, 0 replies; 12+ messages in thread From: Ludovic Courtès @ 2016-09-28 21:07 UTC (permalink / raw) To: Leo Famulari; +Cc: guix-devel Leo Famulari <leo@famulari.name> skribis: > On Tue, Sep 27, 2016 at 10:58:09AM +0200, Ludovic Courtès wrote: > From eeff071ec9fbe527a97e2c7487e79e4b843916a1 Mon Sep 17 00:00:00 2001 > From: Leo Famulari <leo@famulari.name> > Date: Sun, 25 Sep 2016 18:43:28 -0400 > Subject: [PATCH] www: security: New page. > > * website/www/security.scm: New file. > * website/www.scm (%web-pages): Add security-page. > * website/www/shared.scm (html-page-links): Add "Security". Very good, go ahead! :-) Thank you! Ludo’. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Call for volunteer(s) for Guix "security" web page 2016-09-27 18:26 ` Leo Famulari 2016-09-28 21:07 ` Ludovic Courtès @ 2016-09-29 15:04 ` Leo Famulari 2016-09-30 12:08 ` Ludovic Courtès 1 sibling, 1 reply; 12+ messages in thread From: Leo Famulari @ 2016-09-29 15:04 UTC (permalink / raw) To: Ludovic Courtès; +Cc: guix-devel [-- Attachment #1: Type: text/plain, Size: 1019 bytes --] On Tue, Sep 27, 2016 at 02:26:53PM -0400, Leo Famulari wrote: > > Note that you’ll then need to commit the resulting HTML to CVS(!) to > > that the update pages show up, as per the instructions available on the > > Savannah project page. If you’re unsure or anything, I can do that. > > I'll try it if this new patch is okay. I read some parts of the CVS manual [0]. I checked out the CVS repo over SSH as directed by Savannah. Then, I copied all the new and changed files created by (export-web-site) in to the CVS tree. I want some reassurance that I'm doing the right thing before I do it :) My plan: $ cvs add security # The manual says that `cvs add` is not recursive. $ cvs add security/index.html $ cvs commit # I think this will commit all changes in tracked files. Does that look right? [0] For some reason nongnu.org/cvs directs users to archive.org for the manual... https://web.archive.org/web/20130202033128/http://ximbiot.com/cvs/manual/cvs-1.12.13/cvs_7.html#SEC68 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Call for volunteer(s) for Guix "security" web page 2016-09-29 15:04 ` Leo Famulari @ 2016-09-30 12:08 ` Ludovic Courtès 2016-09-30 18:06 ` Leo Famulari 0 siblings, 1 reply; 12+ messages in thread From: Ludovic Courtès @ 2016-09-30 12:08 UTC (permalink / raw) To: Leo Famulari; +Cc: guix-devel Hey Leo, Leo Famulari <leo@famulari.name> skribis: > On Tue, Sep 27, 2016 at 02:26:53PM -0400, Leo Famulari wrote: >> > Note that you’ll then need to commit the resulting HTML to CVS(!) to >> > that the update pages show up, as per the instructions available on the >> > Savannah project page. If you’re unsure or anything, I can do that. >> >> I'll try it if this new patch is okay. > > I read some parts of the CVS manual [0]. > > I checked out the CVS repo over SSH as directed by Savannah. Then, I > copied all the new and changed files created by (export-web-site) in to > the CVS tree. > > I want some reassurance that I'm doing the right thing before I do it :) > > My plan: > > $ cvs add security # The manual says that `cvs add` is not recursive. > $ cvs add security/index.html > $ cvs commit # I think this will commit all changes in tracked files. > > Does that look right? Right! In the meantime, I did it myself as I was pushing other changes. Sorry for stepping on your toes but hey! now you’re all set for next time! :-) Thanks, Ludo’. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Call for volunteer(s) for Guix "security" web page 2016-09-30 12:08 ` Ludovic Courtès @ 2016-09-30 18:06 ` Leo Famulari 0 siblings, 0 replies; 12+ messages in thread From: Leo Famulari @ 2016-09-30 18:06 UTC (permalink / raw) To: Ludovic Courtès; +Cc: guix-devel On Fri, Sep 30, 2016 at 02:08:36PM +0200, Ludovic Courtès wrote: > Hey Leo, > > Leo Famulari <leo@famulari.name> skribis: > > > On Tue, Sep 27, 2016 at 02:26:53PM -0400, Leo Famulari wrote: > >> > Note that you’ll then need to commit the resulting HTML to CVS(!) to > >> > that the update pages show up, as per the instructions available on the > >> > Savannah project page. If you’re unsure or anything, I can do that. > >> > >> I'll try it if this new patch is okay. > > > > I read some parts of the CVS manual [0]. > > > > I checked out the CVS repo over SSH as directed by Savannah. Then, I > > copied all the new and changed files created by (export-web-site) in to > > the CVS tree. > > > > I want some reassurance that I'm doing the right thing before I do it :) > > > > My plan: > > > > $ cvs add security # The manual says that `cvs add` is not recursive. > > $ cvs add security/index.html > > $ cvs commit # I think this will commit all changes in tracked files. > > > > Does that look right? > > Right! > > In the meantime, I did it myself as I was pushing other changes. Sorry > for stepping on your toes but hey! now you’re all set for next time! > :-) Thank you :) ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2016-09-30 18:07 UTC | newest] Thread overview: 12+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-09-16 16:14 Call for volunteer(s) for Guix "security" web page Leo Famulari 2016-09-22 10:04 ` ng0 2016-09-27 18:04 ` Leo Famulari 2016-09-25 22:52 ` Leo Famulari 2016-09-27 8:58 ` Ludovic Courtès 2016-09-27 18:16 ` Leo Famulari 2016-09-28 21:08 ` Ludovic Courtès 2016-09-27 18:26 ` Leo Famulari 2016-09-28 21:07 ` Ludovic Courtès 2016-09-29 15:04 ` Leo Famulari 2016-09-30 12:08 ` Ludovic Courtès 2016-09-30 18:06 ` Leo Famulari
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).