![[GnuPG Logo]](logo-gnupg-light-purple-bg.png){kind=logo}
![](\"/share/logo-gnupg-light-purple-bg.png\"){kind=logo}
\n"
"Index of %s \n"
"\n"
"\n"
"\n",
esc_title, esc_title);
}
}
static void
print_footer (void)
{
if (!opt_html)
return;
if (opt_gpgweb)
{
fputs ("\n"
"\n"
"
\n"
"\n"
"\n");
}
}
/* Print COUNT directories from the array SORTED.
* Note: This function assumes that the CWD is the listed directory. */
static void
print_dirs (finfo_t *sorted, int count, int at_root)
{
int idx;
finfo_t fi;
int any = 0;
char *title = NULL;
for (idx=0; idx < count; idx++)
{
fi = sorted[idx];
if (!fi->is_dir)
continue;
if (!any && opt_html)
{
any = 1;
if (opt_gpgweb)
{
fputs ("\n"
"This is free software: you are free to change"
" and redistribute it.\n"
"There is NO WARRANTY, to the extent permitted by law.\n",
stdout);
exit (0);
}
else if (!strcmp (*argv, "--help"))
{
fputs ("usage: " PGMNAME " [options] directory [title]\n"
"Print an index for an FTP directory.\n\n"
"Options:\n"
" --version print program version\n"
" --verbose verbose diagnostics\n"
" --debug flyswatter\n"
" --reverse reverse sort order\n"
" --reverse-ver reverse only the version number order\n"
" --files-first print files before directories\n"
" --html output HTML\n"
" --gpgweb output HTML as used at gnupg.org\n"
" --readme include README file\n"
+ " --thumb DIR include standard thumbnails using DIR\n"
" --index FILE create index FILE\n"
" --exclude NAME ignore file NAME\n"
, stdout);
exit (0);
}
else if (!strcmp (*argv, "--verbose"))
{
opt_verbose++;
argc--; argv++;
}
else if (!strcmp (*argv, "--debug"))
{
opt_debug++;
argc--; argv++;
}
else if (!strcmp (*argv, "--reverse"))
{
opt_reverse = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--reverse-ver"))
{
opt_reverse_ver = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--files-first"))
{
opt_files_first = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--readme"))
{
opt_readme = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--thumb"))
+ {
+ argc--; argv++;
+ if (!argc || !**argv)
+ die ("argument missing for option '%s'\n", argv[-1]);
+ opt_thumb = *argv;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--html"))
{
opt_html = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--index"))
{
argc--; argv++;
if (!argc || !**argv)
die ("argument missing for option '%s'\n", argv[-1]);
opt_index = *argv;
argc--; argv++;
}
else if (!strcmp (*argv, "--gpgweb"))
{
opt_gpgweb = opt_html = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--exclude"))
{
argc--; argv++;
if (!argc || !**argv)
die ("argument missing for option '%s'\n", argv[-1]);
sl = xmalloc (sizeof *sl + strlen (*argv));
strcpy (sl->d, *argv);
sl->next = opt_exclude;
opt_exclude = sl;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
die ("unknown option '%s' (use --help)\n", *argv);
}
if (argc < 1 || argc > 2)
die ("usage: " PGMNAME " [options] directory [title]\n");
+ if (opt_html && opt_thumb)
+ {
+ char *p = xstrdup (html_escape_href (opt_thumb));
+ opt_thumb = p;
+ }
scan_directory (argv[0], argv[1]? argv[1]:argv[0]);
return 0;
}
/*
Local Variables:
compile-command: "cc -Wall -g -o ftp-indexer ftp-indexer.c"
End:
*/
diff --git a/web/Makefile b/web/Makefile
index e53d091..c4ba7f5 100644
--- a/web/Makefile
+++ b/web/Makefile
@@ -1,18 +1,35 @@
all: swdb.lst.sig
swdb.lst: swdb.mac
awk ' \
! /^#\+macro:/ {next} \
$$2 ~ /ftp_.*/ {next} \
{print $$2, $$3} \
' swdb.mac >swdb.lst
swdb.lst.sig: swdb.lst
- gpg -sbu 0x249B39D24F25E3B6 swdb.lst
+ +(set -e; \
+ key=$$(grep '^SWDB_SIGNKEY=' $$HOME/.gnupg-autogen.rc|cut -d= -f2);\
+ if [ -z "$$key" ]; then \
+ echo "error: SWDB_SIGNKEY missing in ~/.gnupg-autogen.rc">&2; \
+ exit 2;\
+ fi;\
+ gpg -sbu "$$key" swdb.lst;\
+ )
-upload: swdb.lst.sig
+
+signcheck: swdb.lst
+ @set -e; \
+ tmp="$$(awk '$$1~/^.*_ver/{print $$1}' swdb.lst \
+ |sort|uniq -c|sort -nr|head -1|cut -b 1-7)"; \
+ if [ "$$tmp" -ne 1 ]; then \
+ echo "ERROR: Duplicate version numbers found" >&2; \
+ exit 1; \
+ fi
+
+upload: swdb.lst.sig signcheck
scp swdb.lst.sig swdb.lst playfair.gnupg.org:/var/www/git/versions.gnupg.org/htdocs/
scp swdb.lst.sig swdb.lst webbuilder@trithemius.gnupg.org:/var/www/www/www.gnupg.org/htdocs/
-.PHONY: upload all
+.PHONY: upload all signcheck
diff --git a/web/copying.org b/web/copying.org
index 705f2d6..8b12c3f 100644
--- a/web/copying.org
+++ b/web/copying.org
@@ -1,55 +1,59 @@
#+TITLE: GnuPG - Copying
#+STARTUP: showall
#+SETUPFILE: "share/setup.inc"
* Copying
#+index: Copying
Except when noted otherwise, these web pages are copyrighted by /The
GnuPG Project/. Given that such a legal entity does not exist, that
name should be considered a placeholder for the list of the actual
authors:
#+begin_verse
\copy 1998--2018 Werner Koch
\copy 2000--2002 Nils Ellmenreich
\copy 2001--2002 Mike Ashley
\copy 2002--2005 Lorenzo Cappelletti
\copy 2006--2006 David Shaw
+ \copy 2006 Thomas Wittek
\copy 2017--2018 Ben McGinnes
#+end_verse
# The Aegypten pages are under a different license - there authors are
# \copy 2001--2004 Bernhard Reiter
# \copy 2001--2005 Jan-Oliver Wagner
You can redistribute these pages and/or modify them under the terms
of the
[[http://creativecommons.org/licenses/by-sa/3.0/][Creative Commons Attribution-ShareAlike 3.0 Unported License]]
or alternatively under the terms of the
[[http://www.gnu.org/licenses/][GNU General Public License]] as published by the Free Software
Foundation; either version 3 of the License, or (at your option)
any later version.
If you wish to allow the use of your version of these pages only
under the terms of one of these licenses, indicate your decision by
deleting the respective above paragraph.
+ The [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=artwork/gnupg-logo.svg][canonical version]] of the logo can be found in the GnuPG code
+ repository; see its [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=artwork/README][README]] file for details.
+
** Remarks
For many years we maintained translation of these pages to French,
German, Italian, and Spanish. A big thank you to the translators:
Jean-Francois Paris, Walter Koch, Cristian Rigamonti, and Noel
David Torres Taño. Because we didn’t always managed to keep those
translation up to date, we decided in 2013 to abandon them. In
case translations are again demanded by users and sufficient
resources are available, the tentative plan is to setup individual
sites per language with language or country specific information.
Former version of these web pages have been marked as copyrighted
by the /Free Software Foundation/. However, a formal act to
transfer the copyright to them has never been conducted. Thus in
2013 these notices have been replaced by a reference to the list of
individual copyright holders.
diff --git a/web/devel/creating-a-release.org b/web/devel/creating-a-release.org
index a974fdd..688a022 100644
--- a/web/devel/creating-a-release.org
+++ b/web/devel/creating-a-release.org
@@ -1,249 +1,230 @@
#+TITLE: GnuPG Hacking - Creating a Release
#+STARTUP: showall indent
#+SETUPFILE: "share/setup.inc"
* Creating a Release
This is a description of the steps necessary to build a software
release of GnuPG and related software.
** Overview of the Build System
FIXME
** Stuff required
A Unix system, preferable Debian because that is what we use for our
development.
** Release Planning
If you are planning a new release and strings have changed you should
send a notification to all translators, so that they have time to
update their translations. The script ~build-aux/mail-to-translators~
in the gnupg-repo might be useful for this. You need to edit it to
actually send out something.
** Step by Step
*** Make sure that all new PO files are checked in.
*** Decide whether you want to update the automake standard files
These are mainly the files ~config.guess~ and ~config.sub~. In
-general these files should be the same for all package. Do not update
+general these files should be the same for all packages. Do not update
them for each release because having consistent files in all packages
can avoid bug reports due to different cpu-vendor-os strings
Commit these changes.
*** Update the translation files
Run:
: make -C po update-po
This merges the latest changes into the po files and disable entries
which do not anymore match. The latter is important for example to
avoid mismatches in printf format strings.
You should then commit the changes using a subject of "po: Auto
update".
*** Update the LT version
This affects only library packages. The libtool version (LT version)
is updated only right before a release. The configure.ac file has
comments on how to update them. Note that libraries which come with
language bindings may have several independent LT version.
FIXME: Describe why and how they are to be updated.
*** Write NEWS entries
Remember to set the release date in the NEWS file. For libraries it
is suggested to note the LT version as well. Use the format
"Cz/Ay/Rz" to give the Current/Age/Release numbers.
*** Check README and doc files
You may for example want to update the version information and make
sure that they still have correct information. Files you should look
at are for example:
- README
- AUTHORS
- src/versioninfo.rc.in (Windows)
*** Commit all changes with a subject of "Release m.n.o."
This is the final commit which has all changes for the version.
Do not push this commit.
*** Create a signed tag with the name "foo-m.n.o".
The git tag needs to be signed. We use hardware tokens to hold the
signing key. The command to do this is
: git tag -u KEYID foo-m.n.o
You will be asked for a message. Put a funny message or better the
main feature of this release into the commit log message.
Do not push this tag.
In case you need to restart the release process, you should first
remove the tag (=git tag -d foo-m.n.o=) and then also revert the last
commit.
*** Recreate the configure script
: ./autogen.sh --force
The option =--force= is required for the git magic in configure.ac to
work properly.
This calls autoconf and automake and does some M4 magic to encode the
the version number and information from Git into the new configure
script. Note that the created =configure= script may not be tracked
by Git.
*** Build a release tarball
This is easy:
: ./configure --enable-maintainer-mode
: make distcheck
it is suggested to run the latter inside Emacs so that the compile log
can be viewed for errors.
FIXME: Explain why and how to use a VPATH build.
*** Build and test the release
This is best done on a different machine. Make sure to also build the
Windows version so that you won't run into a surprise when building a
Windows versions later.
Keep a test build available for later.
*** Sign the tarball
Also store the created .swdb file away.
*** Copy the tarball to a staging area
*** Update the webpages
At least the file swdb.mac needs an update. This is done using the
saved swdb.
*** Prepare for the next release
- Add a new headline to NEWS.
- Bump the version number in configure.ac up (Do not bump the LT
version, though)
- Commit with a subject "Post release updates" or similar.
*** Push all changes
Do not forget to push also the tags.
In case you run into a conflict you need to start from scratch. That
is removing the last two commits from your local copy, removing the
tag, merge the changes, and to to the first step. Make sure that the
version and LT version numbers are correct for the second try. To
avoid this problem it is often better to work on a release branch and
later merge the changes back to master.
*** Copy the files from the staging area to the FTP server
*** Update the online docs
Using the final test build run a "make -C doc online".
*** Write an announcement.
** Notes on some packages
Here are some gotchas for certain packages
*** GnuPG
- Check that https://savannah.gnu.org/projects/gnupg is up to date.
This is a simple page which merely points to gnupg.org, though.
*** GnuPG Windows Installer
-To build a GnuPG >= 2.1 installer you need to change to a working
-directory, for example:
+The standard release process is to run
-: cd ~/b-w32/speedo
+: make release
-then cleanup and unpack the GnuPG source:
+or
-: rm -r PLAY PLAY-release
-: tar xjf /foo/bar/gnupg-m.n.o.tar.gz
+: make release WITH_MSI=1
-run a script which does about everything:
+after the "autogen.sh --force". This builds the release, the NSIS
+installer, optionally the stuff required for an MSI installer, signs
+the files, copies them to an archive etc.
-: make -f gnupg-m.n.o/build-aux/speedo.mk w32-release
-
-finally you should sign the created installer using:
-
-: make -f gnupg-m.n.o/build-aux/speedo.mk w32-sign-installer
-
-and also sign them using your release key:
-
-: gpg -sbvu MYKEY gnupg-w32-m.n.o_YYYYMMDD.tar.xz
-: gpg -sbvu MYKEY gnupg-w32-m.n.o_YYYYMMDD.exe
-
-You will end up with these files:
-
- - gnupg-w32-m.n.o_YYYYMMDD.tar.xz
- - gnupg-w32-m.n.o_YYYYMMDD.tar.xz.sig
- - gnupg-w32-m.n.o_YYYYMMDD.exe
- - gnupg-w32-m.n.o_YYYYMMDD.exe.sig
- - gnupg-w32-m.n.o_YYYYMMDD.exe.swdb
-
-Use the swdb file to update the swdb.mac and distribute tye other
-files (after testing).
+Use the dist/swdb.snippets to update the swdb.mac and distribute the
+other files (after testing).
*** Libgcrypt
*** GPGME
- As of version 1.9 build problems in "make distcheck" for the Python
bindings may turn up. The workaround is to use a fresh build
directory.
** Pitfalls
Sometimes you may run into problems without seeing the actual
problem. Here is a list of such things
*** Permission problem moving "xx.new.po" to "xx.po"
If during "make distcheck" you get an error about a permission problem
moving foo.new.po to foo.po; this is caused by a check whether the po
files can be re-created. Now if the first tarball has been created in
a different top directory and if there exists a no distributed file
with the string "GNU gnupg" (e.g. a log file from running make) you
end up with different comments in the po files. Check out
/usr/lib/gettext/project-id for that silliness. As a hack we added
this string into configure.ac.
diff --git a/web/devel/old-signature-keys.asc b/web/devel/old-signature-keys.asc
new file mode 100644
index 0000000..0ccf6f8
--- /dev/null
+++ b/web/devel/old-signature-keys.asc
@@ -0,0 +1,64 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I
+Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg
+jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7
+KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u
+qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB
+1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk
+aXN0IHNpZymJAVUEEwEIAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE
+2GkhI8QGXepeDzq1JJs50k8l47YFAl4MxBkFCRShVzYACgkQJJs50k8l47YImQf9
+HaqHWor+aSmaEwQnaAN0zRa4kPbAWya182aJtsFzLZJf6BbS0aoiMhwtREN/DMvB
+jzxARKep/cELaM+mc7oDK4mEwqSX/u6BE8D7FaNA9sut8P+4xjpoLPU+UzILMg29
+t1remjyT9rs6sbu8BqufIxueArkjoi4WCOSRiVTdw+YDd88volPkXlPfS8hg9Rct
+wZ8kEEDywa+NrxiLx+kDgDNTNdk3PJdfcnesf8S1a+KLUTNRds5+xGTYz0JSQ9BZ
+7Q9r4VQ/NL55muQZi5W7lVxdp3HxQFUNjHzzBfGtkpS4xqZpJvNjW50Wh5Vi5RYZ
+LZ3M1EuIHXHmRiY4dmqqcpkBDQRUUDsjAQgA5hBwN9F3OqKf+9mXCXUDK4lb5wMj
+dti96xG04gAn7wWo7On6c5ntriZQuRdR5GHcdw73XC6CFehHeo/eSVYiWqBNBAfE
+9UzbkES+cY+4wDzqVacqhKxd70XmHQgyK7ppRG/MwkL1UyArCGGAKN6MV/2fzO6I
+GQw3jntRue3/2PGGnGaisNAKlvttHWZ91uy4KY5fBM19uQCgZdx4v8/rP0+yQqsW
+TwJUKvymx5GIfNaCJvgF+v+aPrwspxBMf9jpHXqDXnh4Lo8C/GsQMD6GClVfQjsv
+vzUHKH2eoL4oNfku+Ua5BuAHYi+uAuzqV9TdpF9PCpQMyPfuuZclMPLdMwARAQAB
+tDJOSUlCRSBZdXRha2EgKEdudVBHIFJlbGVhc2UgS2V5KSA8Z25paWJlQGZzaWou
+b3JnPokBPAQTAQgAJgIbAwULBwgJAwQVCAkKBRYCAwEAAh4BAheABQJYDxRZBQkL
+S5A2AAoJECBxsIozvT8GvG8IAMBIlGz9voYcSSXAdQOuvz2gM2kOjvMHzN6VlS9V
+P06IjnTz2DnejFZwLmxJw8e8mZjUo0jw22uo1HREQhDrne3S1IazPMeTUCUNzpWF
+MxXNc6SAyrw9apWa8gouGUWJv3HOwVs8EFA2E9UdtDJ2uG7MY/+eC5K/aeOAyudZ
+EbvS8rgZypTFrBtBcNKUWZhz7FRn63HxEmYLE3p6I19ZDXrc1WTazF2oz18zym6c
+uURr6waRbdSemUTshpLnKCBZXzJ82bXBgXNnfdmc3gtS24ZmM3ZfK/rYztEDkiTk
+s2R1gwDwf5RtDpaf5LD2ufESdbLuT+8blAlscbgYLBcwDquZAQ0EVFBfBwEIAIdZ
+qPK/pFVlUzbDZcrq5trXWSokG3XlYKQYHA56iN3wFefAt5wvA1biualRmTwf427u
+No3PAVxj9ZelD/udeS0C+RqU7VdKUVlDtNljrky2QVUHKud7824NcVaN9a1lfepq
+hgD7PJRlAptPX6bolSkKIzuvyIZIO/2583km3F+V5PXii4cge7Z2pLmCXkWJuG47
+PmAwKSvCBUMnr2BfKY03Gy00jST1vViwrKM7Mtda+MXX0XE1owEVc+Vc050Pj8fG
+LbJ40N6sDSQabKjCwnQze2BoYf5pcD44Hav1BX+fm2On93sNL7IQaiJwUMnAUpmM
+qF9GHt7AEvzkeJ7uWWkAEQEAAbQmRGF2aWQgU2hhdyAoR251UEcgUmVsZWFzZSBT
+aWduaW5nIEtleSmJAT4EEwECACgFAlifejICGwMFCQm6du4GCwkIBwMCBhUIAgkK
+CwQWAgMBAh4BAheAAAoJEAQ3bz7ghWlZxQkH/jqydv77Kk8iFCNQ8dUdv1Tyv3ZB
+KH9cuLrHElyqiTOmJ/t8K+H4Ot6eUs5DOfAHU8M8GZOV9+/ante8QA8yhoQ4D+Lr
+umEPOyNpSseR6+y/R8AipfzIeZUpDvveGEP5Vu47b2gnuHsshDnKslJymY2YTYWO
+eNwcYeev1RqhThFBWoD2PIcRW35pG8q9ATMy0WVIiSfqsE15TkceHqgeGXOQ1Q/2
+ETFE8Giuh1YQfSvsTYL4I5GWhH1kb8QritT4WSnWZ1VK23aZo18blDFoWCx5P1f5
+Ax4PuS2G3kj+3TlyhIv/V0rJSOIenzgry5kh+LT0s8jZ1P2KSrkkc3zMddmYjgRD
+t/rHAQQA0JkZeitcyQMqk2xGd/5mGoc4+YNwQo8OSmVwIvY8UAI3tBorhF6ha9ni
+aqZU4vdldTnXMU0j1oPckAhOgRPaOvaEZhYUTF0F/15piAF5dkZQ6dsmXVUkPNYM
+ZTpkc2nA+IACBiOmygGBkLFuXvHRW1i6SNz28iRH/UZcYLi/2iEAIIFWUJm0Jldl
+cm5lciBLb2NoIChkaXN0IHNpZykgPGRkOWpuQGdudS5vcmc+iLwEEwECACYCGwMG
+CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTS2MtwUJClROYQAKCRBTtiDQHODGMPB4
+A/0U1DJR9LbkWuBs8Ko6KJoKLMVI6iYNJBhAtm3dxWeUxA16eYDWW/b9Lk5KnjtS
+WuGOeqa7MCsXnkyHkO88KE9IcM3mFnhfFN2qagd/nRchl9MPsdOgf/ug7j72Alv2
+V8s28R10HTjfwySe/omXWwK3qn8ou6N7ID+EwCV7i2e2u5kBogQ1oh4eEQQA/pdK
+4Oafa1uDN7Cr5nss4bNpg8YUSg01VVJ08KTCEdpCAPaU+NzaP3KD2ow74WU2gzP7
+0s9uSGQ2Vie4BLvOkaaBHba/3ivBrg3ILFrxbOfmKQg8Fhtncd/TBOwzfkkbxBNc
+VJuBPRtjZ3dlDbS4IPNsIIv2SuCIfQmA8qNGvWsAoIrJ90b2fzERCZkKtfkoyYA8
+fnNrBADhJ8RmIrKiCnDk3Tzk04nu6O8fp3ptrmnO7jluvDfsEVsYRjyMbDnbnjCG
+u1PeFoP2HZ+H9lp4CaQbyjWh2JlvI9UOc72V16SFkV0r8k0euNQXHhhzXWIkfz4g
+wSbBkN2nO5+6cIVeKnsdyFYkQyVs+Q86/PMfjo7utyrcWLq1CAQAou3da1JR6+KJ
+O4gUZVh2F1NoaVCEPAvlDhNV10/hwe5mS0kTjUJ1jMl56mwAFvhFFF9saW+eAnrw
+IOHjopbdHrPBmTJlOnNMHVLJzFlqjihwRRZQyL8iNu2mfarn9Mr28ut5BQmp0CnN
+EJ6hl0Cs7l2xagWFtlEK2II144vK3fG0J1dlcm5lciBLb2NoIChnbnVwZyBzaWcp
+IDxkZDlqbkBnbnUub3JnPohhBBMRAgAhAheABQkOFIf9BQJBvGheBgsJCAcDAgMV
+AgMDFgIBAh4BAAoJEGi3q4lXVI3NBJMAn01313ag0tgjrGUZtDlKYbmNIeMeAJ0U
+pVsjxpylBcSjsPE8MAki7Hb2Rw==
+=syRC
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/web/documentation/bts.org b/web/documentation/bts.org
index 04d322d..66e49bf 100644
--- a/web/documentation/bts.org
+++ b/web/documentation/bts.org
@@ -1,104 +1,104 @@
#+TITLE: GnuPG - BTS
#+STARTUP: showall
#+SETUPFILE: "../share/setup.inc"
* Bug Tracking System
Our bug tracking system can be found at [[https://dev.gnupg.org][dev.gnupg.org]]. Please,
query the database before you create a new bug report (aka /Task/).
See below for some more information. Bug reports need to be written
in English.
If you can fix one of these bugs/limitations, we will certainly be
glad to receive a patch via the above platform or the gnupg-devel
mailing list. If the patch is non-trivial please read our
[[https://www.gnupg.org/faq/HACKING.html][coding guidelines]] first.
Our bug tracker can also be used to report problems related to this
GnuPG.org site. Simply, follow the instructions for a regular bug
and add the tag /gpgweb/.
** Hints on how to add a new bug
Please note that this bug tracker is a public resource and
everything you enter there will be available for the whole
networked world. It is similar to a public mailing list and there
is no easy way to retract any information.
You should follow these steps to enter a new bug (issue):
- Review the documentation and the mailing list archives to see
whether your problem has already been addressed. Often bugs are
mere configuration problems.
- Check that the bug has not yet been entered and that there is no
similar bug in the tracker. Use the search option for this. It
is best to also look through already closed (resolved)
issues.
- If you consider the bug a severe security problem and you do not
want to publish it, please write to security 'at' gnupg.org to
ask for advice and our encryption keys. See also the AUTHORS
file in each package.
- In the left sidebar select /Tasks/ and then click on /+ Create
Task/ which you find in the upper right corner. On our
development platform a /Task/ is a synonym for a /bug/.
- Come up with a meaningful short description of the bug and enter
this into the /Title/ field.
- - If you want to want to ask for a new feature or have another
- wish, please indicate the in the /Priority/ field. Bug should in
+ - If you want to ask for a new feature or have another
+ wish, please indicate this in the /Priority/ field. Bug should in
general be left at the default priority of /Needs Triage/ and you
should not assign the bug to anyone if you want to get it fixed
soon.
- Now for the most important field: The Description of the problem.
You enter this information into the, surprise, /Description/ field.
Please take care to use hard line breaks and format the report as
you would do by mail.\\
\nbsp{}\\
Make sure that you describe the bug as good as possible and try
to come up with a minimal recipe on how to replicate the bug. We
- need to know the version of the software and if you are using a
- non-released version the Git commit id. Use the separate field
+ need to know the version of the software and, if you are using a
+ non-released version, the Git commit id. Use the separate field
/Version/ at the bottom of the page for this. The type and
version of your operating system is usually important, so please
tell us. In particular tell us if your problem occurs on a
non-Unix system, i.e. MS Windows.
- If you want to provide more information, you may upload any kind
of file using the menu at the top of the /Description/ field.
However, please do this only if you are sure that these
information are important and that they do not contain
confidential data. Uploaded files will be public and it might
not be possible to retract them anymore. Avoid screen shots
unless you are asked for them. The problem with screen shots or,
worse, screen casts is that we would need to transcript them to
text for evaluating the problem. That takes away time we better
spend solving the problem; it is easy to help us by providing a
transcription.
- You may optionally assign one or more /Tags/ to a report. The
package name is a good guess ("gnupg", "libgcrypt", etc.). If
you know that the bug is Microsoft Windows specific, please enter
add the tag "w32". You do not need to do it if you already
specified Windows specific package (like "gpgol"). For macOS
specific bugs, use "MacOS".
- Please be kind and do _not_ assign a /Due Date/. We will later
evaluate the importance of bugs in the light of other open bugs.
- If you want to refer to an external bug description (for example
a similar entry in Debian's bug tracker), enter the URL into the
/External Link/ field.
- The /Version/ field should be filled as described above. If you
- don't know the version leave it blank and describe what you know
+ don't know the version, leave it blank and describe what you know
about the software in the /Description/ field.
- If everything is as you want it, click the /Create New Task/
button. This entry as well as all future changes will also be
mailed to you.
diff --git a/web/documentation/howtos.org b/web/documentation/howtos.org
index 0df53a8..6cd979f 100644
--- a/web/documentation/howtos.org
+++ b/web/documentation/howtos.org
@@ -1,132 +1,147 @@
#+TITLE: GnuPG - HOWTOs
#+STARTUP: showall
#+SETUPFILE: "../share/setup.inc"
* HOWTOs
- There are several HOWTOs available.
+ There are several HOWTOs available. Unfortunately some of them are
+ not up-to-date.
-** GnuPG MiniHOWTO
+
+** Web Key Directory Installation HOWTO
+
+ We are working on a HOTWO for the Web Key Directory. For now
+ please consult the [[https://wiki.gnupg.org/WKD][Wiki]].
+
+** GPGME Python Bindings HOWTO
+
+ Written "in house" by the GnuPG Project core team, the GPGME Python
+ Bindings HOWTO provides detailed instructions and examples for
+ using the Python bindings of the GPGME API with Python 3 code.
+
+ This HOWTO is available:
+
+ - in its original Emacs Org Mode source form in the GPGME repository ( [[https://dev.gnupg.org/source/gpgme/browse/master/lang/python/docs/GPGMEpythonHOWTOen.org][en]] )
+ - as a single HTML file ( [[http://files.au.adversary.org/crypto/GPGMEpythonHOWTOen.html][en]] )
+ - as a single HTML file with dark background and light text ( [[http://files.au.adversary.org/crypto/GPGMEpythonHOWTOen-dark.html][en]] )
+
+** GnuPG SmartcardHOWTO
+
+ GnuPG supports the use of smartcards. This HOWTO explains how to
+ install and work with these cards.
+
+ - as on-line browsable HTML files ( [[../howtos/card-howto/en/smartcard-howto.html][en]] )
+ - as one big HTML file ( [[../howtos/card-howto/en/smartcard-howto-single.html][en]] )
+ - as plain text ( [[../howtos/card-howto/en/smartcard-howto.txt][en]] )
+
+ This smartcard howto is also available in the [[../download/git.org][source repository]].
+
+** Legacy GnuPG MiniHOWTO
+
+ /These howtos mostly describe the legacy version 1.4 of GnuPG/
You may get the best overview about the GnuPG system by reading the
mini HOWTO available in several formats:
- as on-line browsable HTML files (
[[../howtos/ca/GPGMiniHowto.html][ca]] ·
[[../howtos/de/index.html][de]] ·
[[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html][en]] ·
[[http://www.dewinter.com/gnupg_howto/spanish/index.html][es]] ·
[[../howtos/fr/index.html][fr]] ·
[[../howtos/it/GPGMiniHowto.html][it]] ·
[[../howtos/tr/GPGMinikNasil.html][tr]] ·
[[../howtos/vn/index.htm][vn]] ·
[[../howtos/zh/index.html][zh]] )
- as one big HTML file (
[[../howtos/ca/GPGMiniHowto_big.html][ca]] ·
[[../howtos/it/GPGMiniHowto_big.html][it]] )
- as PDF (
[[../howtos/ca/GPGMiniHowto.pdf][ca]] ·
[[../howtos/de/GPGMiniHowto.pdf][de]] ·
[[../howtos/it/GPGMiniHowto.pdf][it]] ·
[[../howtos/vn/GPGMiniHowto.pdf][vn]] )
- in postscript format (
[[../howtos/ca/GPGMiniHowto.ps][ca]] ·
[[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.ps][en]] ·
[[../howtos/de/GPGMiniHowto.ps][de]] )
- as DVI file ( [[../howtos/ca/GPGMiniHowto.dvi][ca]] )
- in RTF format ( [[../howtos/ca/GPGMiniHowto.rtf][ca]] )
- as plain text (
[[../howtos/ca/GPGMiniHowto.txt][ca]] ·
[[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.txt][en]] ·
[[../howtos/it/GPGMiniHowto.txt][it]] )
- as SGML (
[[../howtos/ca/GPGMiniHowto.sgml][ca]] ·
[[../howtos/de/GPGMiniHowto.sgml][de]] ·
[[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.sgml][en]] ·
[[../howtos/it/GPGMiniHowto.sgml][it]] ·
[[../howtos/tr/GPGMinikNasil.sgml.gz][tr]] )
- as gzipped tarball of them all ( [[../howtos/ca/GPGMiniHowto.tar.gz][ca]] )
-
-** GnuPG SmartcardHOWTO
-
- GnuPG supports the use of smartcards. This HOWTO explains how to
- install and work with these cards.
-
- - as on-line browsable HTML files ( [[../howtos/card-howto/en/smartcard-howto.html][en]] )
- - as one big HTML file ( [[../howtos/card-howto/en/smartcard-howto-single.html][en]] )
- - as plain text ( [[../howtos/card-howto/en/smartcard-howto.txt][en]] )
-
- This smartcard howto is also available in the [[../download/git.org][source repository]].
-
** GnuPG Keysigning Party HOWTO
+ /Due to problem with the keyservers, this howto should be considered
+ historic./
+
Once you get familiar with GnuPG's mechanisms, you surely wouldn't
miss one of its funnest (and useful) aspects: to meet your Internet
buddies and get your key signed by as many of them as possible.
But having to check tens or even hundreds of keys at a meeting may
become quite frustrating. Here it is where this HOWTO by V. Alex
Brennen comes in handy. It is a guide to understanding and
organizing a PGP keysigning party. Keysigning parties help build
and strengthen the web of trust which serves to make the use of
GnuPG more secure.
This HOWTO is available:
- as an on-line browsable set of HTML files (
[[http://www.cryptnet.net/fdp/crypto/gpg-party/gpg-party.de.html][de]] ·
[[http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html][en]] ·
[[../howtos/es/gpg-party.html][es]] ·
[[../howtos/it/keysigning_party.html][it]] ·
[[http://www.cypherpunks.ru/KSP.html][ru]] ·
[[http://www.cryptnet.net/fdp/crypto/gpg-party/gpg-party.si.html][si]] ·
[[http://www.cryptnet.net/fdp/crypto/gpg-party/gpg-party.zh-TW.html.big5][zh-TW.big5]] ·
[[http://www.cryptnet.net/fdp/crypto/gpg-party/gpg-party.zh-TW.html.euc-tw][zh-TW.euc-tw]] )
** Mutt-GnuPG HOWTO
+ /This howto might not be up to the current GnuPG version./
+
Firstly, because everyone should be using encryption and signatures
in their email. Secondly, because there are absolutely no reason
for you not to be using PGP-compatible software. Thirdly, because
documentation is mostly geared toward someone who is already
familiar with PGP. Fourtly, because we like to promote both GnuPG
and Mutt as free software project, for use in everyday
communications. Lastly, because Justin R. Miller likes writing
tutorials.
For all these reasons, you can find below a link to Justin's HOWTO
on how to send and receive cryptographically signed and/or
encrypted email with GnuPG and the [[http://www.mutt.org/][Mutt mail reader]].
This HOWTO is available:
- as plain text ( [[http://codesorcery.net/old/mutt/][en]] )
** PHP-GnuPG HOWTO
+ /This howto might not be up to the current GnuPG version./
+
With the preponderance of javascript based OpenPGP solutions to
various functions on the web, the desire to perform certain types
of server side functions on a PHP driven website also has its
merits.
While PHP support for GPGME is either lacking, or too arcane for
most developers to decipher, or both; Piotr Masełkowski at
[[https://maslosoft.com/][Maslosoft]] has an alternative guide using the CLI programs.
This HOWTO is available:
- as an online HTML article ( [[https://maslosoft.com/blog/2017/09/12/using-gpg-with-php-on-server/][en]] )
-
-** GPGME Python Bindings HOWTO
-
- Written "in house" by the GnuPG Project core team, the GPGME Python
- Bindings HOWTO provides detailed instructions and examples for
- using the Python bindings of the GPGME API with Python 3 code.
-
- This HOWTO is available:
-
- - in its original Emacs Org Mode source form in the GPGME repository ( [[https://dev.gnupg.org/source/gpgme/browse/master/lang/python/docs/GPGMEpythonHOWTOen.org][en]] )
- - as a single HTML file ( [[http://files.au.adversary.org/crypto/GPGMEpythonHOWTOen.html][en]] )
- - as a single HTML file with dark background and light text ( [[http://files.au.adversary.org/crypto/GPGMEpythonHOWTOen-dark.html][en]] )
diff --git a/web/documentation/index.org b/web/documentation/index.org
index 07a5f9f..878312c 100644
--- a/web/documentation/index.org
+++ b/web/documentation/index.org
@@ -1,40 +1,41 @@
#+TITLE: GnuPG - Support
#+STARTUP: showall
#+SETUPFILE: "../share/setup.inc"
* Documentation
- [[file:howtos.org][HOWTOs]] :: Includes links to some HOWTOs available in several
languages to get out the best from GnuPG.
- [[file:manuals.org][Manuals]] :: A list of online available manuals which are also
provided with the software.
- [[file:guides.org][User Guides]] :: Draft versions of the user manual are available,
and there is also documentation covering
interoperation with PGP 2.x. In addition, the software comes with man
pages, and we have John Michael Ashley's /The GNU
Privacy Handbook/ (GPH).
- [[file:faqs.org][FAQs]] :: Online version of the FAQs is now available. Please
consult these FAQs before you ask on one of the mailing
lists or report a bug.
- [[file:security.org][Security]] :: How to report security problems.
- You may also notice that OpenPGP is a proposed Internet standard,
- described by [[https://www.rfc-editor.org/rfc/rfc4880.txt][RFC-4880]].
+ You may also notice that OpenPGP is described by [[https://www.rfc-editor.org/rfc/rfc4880.txt][RFC-4880]]. GnuPG
+ actually implements an updated version of this specification as
+ described by the [[https://datatracker.ietf.org/doc/draft-koch-openpgp-2015-rfc4880bis/][rfc4880bis]] document.
* Community support
- [[file:mailing-lists.org][Mailing lists]] :: Describes the purposes of each mailing list
hosted on this server and gives instruction on
how to subscribe. Links to other GnuPG-related
discussion groups are also available.
- [[https://wiki.gnupg.org][Wiki]] :: The official GnuPG Wiki contains community-maintained
documentation for GnuPG and related software.
- [[file:bts.org][BTS]] :: Before you report a bug, please consult the list of bugs.
* Other types of support
- [[../service.org][Commercial support]] :: Listing of companies offering commercial
support for GnuPG
- [[http://twitter.com/gnupg][@gnupg]] :: We sometimes post short messages to Twitter.
diff --git a/web/documentation/mailing-lists.org b/web/documentation/mailing-lists.org
index b91079e..1154a33 100644
--- a/web/documentation/mailing-lists.org
+++ b/web/documentation/mailing-lists.org
@@ -1,81 +1,81 @@
#+TITLE: GnuPG - Mailing lists
#+STARTUP: showall indent
#+SETUPFILE: "../share/setup.inc"
#+OPTIONS: ^:{}
* Mailing lists
The contents of all messages sent to these mailing lists are assumed
to be in the public domain. Archives of these mailing lists are also
available; please click on the mailing list name below.
Please check the [[file:faqs.org][FAQ]] before you ask on one of the lists. If you want
to search these mailing lists (as well as other archives) please use
the service provided at [[http://marc.info/]]. If you do not want to
write to a public mailing list, check out the [[../service.org][commercial support]]
options.
| Name | Purpose | Lang |
|----------------+---------------------------------------------+------|
| | | |
| [[https://lists.gnupg.org/pipermail/gnupg-announce/][gnupg-announce]] | Release announcements (low-traffic) | en |
| | | |
| [[https://lists.gnupg.org/pipermail/gnupg-users/][gnupg-users]] | General discussion and help | en |
| [[https://lists.gnupg.org/pipermail/gnupg-br/][gnupg-br]] | Help among Portuguese/Brazil speaking users | br |
| [[https://lists.gnupg.org/pipermail/gnupg-de/][gnupg-de]] | Help among German speaking users | de |
| [[https://lists.gnupg.org/pipermail/gnupg-pt/][gnupg-pt]] | Help among Portuguese speaking users | pt |
| [[https://lists.gnupg.org/pipermail/gnupg-es/][gnupg-es]] | Help among Spanish speaking users | es |
| [[https://lists.gnupg.org/pipermail/gnupg-ru/][gnupg-ru]] | Help among Russian speaking users | ru |
| | | |
| [[https://lists.gnupg.org/pipermail/gnupg-devel/][gnupg-devel]] | Development discussion and bug tracking | en |
| [[https://lists.gnupg.org/pipermail/gcrypt-devel/][gcrypt-devel]] | Development of Libgcrypt | en |
| [[https://lists.gnupg.org/pipermail/gnupg-doc/][gnupg-doc]] | Development of documentation | en |
| [[https://lists.gnupg.org/pipermail/gnupg-commits/][gnupg-commits]] | Commit messages (read-only) | en |
| | | |
|----------------+---------------------------------------------+------|
A complete list of all mailing lists can also be found at our
[[https://lists.gnupg.org/mailman/listinfo/][mailing list manager]].
You may subscribe to these lists [[https://lists.gnupg.org/][via web]] or by sending an e-mail:
#+begin_example
To: -request@gnupg.org
Subject: subscribe
#+end_example
where // is the name of the mailing list as described
above.
Posting to these mailing lists is only allowed for subscribers;
postings from non-subscribers are held for approval but there is no
guarantee that the moderator can approve them in time; they may even
be dropped.
Some kinds of postings will not be accepted: e.g. large ones, mails
without the list name in the =To:= or =CC:= header and HTML mails.
All mail clients have an option to send plain text only messages; try
this if you don’t get a response.
Please write to the mailing lists in English unless it is language
specific list.
** Other discussion groups
There are also several other country-specific mailing-lists to
subscribe to. It is important to note that these mailing-lists are
not hosted on the GnuPG servers, but are of great help for all of
those who feel more confortable when speaking their own native
language.
- [[http://www.egroups.co.jp/group/gnupgnewsjapan/][GnuPG News Japan]] :: Discussion group for Japanese users.
- [[http://itlists.org/mailman/listinfo/gnupg-it/][gnupg-it]] :: Mailing list dedicated to GnuPG users who speak Italian.
* IRC and Jabber
The channel =#gnupg= on =irc.freenode.org= is a place to talk about
all gnupg related topics.
-The core GnuPG developers use the MUC =gnupg-devel= at conference dot
-jabber dot gnupg.org for their day to day work. Visitors are welcome.
+The core GnuPG developers use the Jabber MUC =gnupg-devel= at chat dot
+gnupg.org for their day to day work. Visitors are welcome.
diff --git a/web/documentation/manuals.org b/web/documentation/manuals.org
index d72ff1a..ff314e4 100644
--- a/web/documentation/manuals.org
+++ b/web/documentation/manuals.org
@@ -1,14 +1,15 @@
#+TITLE: GnuPG - Manuals
#+STARTUP: showall
#+SETUPFILE: "../share/setup.inc"
* Manuals
This is a list of online available manuals. Those marked as "draft" may
document features not yet available in the released software version.
- GnuPG manual :: [[file:manuals/gnupg/][HTML]], [[file:manuals/gnupg.pdf][PDF]]
- Libgcrypt manual :: [[file:manuals/gcrypt/][HTML]], [[file:manuals/gcrypt.pdf][PDF]].
- Libksba manual :: [[file:manuals/ksba/][HTML]], [[file:manuals/ksba.pdf][PDF]].
- Libassuan manual :: [[file:manuals/assuan/][HTML]], [[file:manuals/assuan.pdf][PDF]].
- GPGME manual :: [[file:manuals/gpgme/][HTML]], [[file:manuals/gpgme.pdf][PDF]].
+ - Scute manual :: [[file:manuals/scute/][HTML]], [[file:manuals/scute.pdf][PDF]].
diff --git a/web/documentation/pressreview.org b/web/documentation/pressreview.org
index 612f5b5..6d7cca8 100644
--- a/web/documentation/pressreview.org
+++ b/web/documentation/pressreview.org
@@ -1,237 +1,244 @@
#+TITLE: GnuPG - Press Review
#+STARTUP: showall
#+SETUPFILE: "../share/setup.inc"
* Press Review
GnuPG is sometimes mentioned in the press and other media. This page
lists articles related to GnuPG we are aware of.
- [[International][English]] articles
- [[French]] articles
- [[German]] articles
* International
Here are articles originally published in English.
** ArsTechnica UK 2016-12-20
[[http://arstechnica.co.uk/information-technology/2016/12/signal-does-not-replace-pgp/][Op-ed: Why I’m not giving up on PGP]]
** ProPublica 2015-02-05
The World’s Email Encryption Software Relies on One Guy, Who is Going Broke\\
Julia Angwin
[[http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke][Article]]
The article was followed up at many sites, for example:
English:
- [[http://arstechnica.com/security/2015/02/once-starving-gnupg-crypto-project-gets-a-windfall-but-can-it-be-saved/][Ars Technica]]
- [[http://www.computerworlduk.com/blogs/open-enterprise/gnupg-3597056/][Computerworld]]
- [[https://gigaom.com/2015/02/06/funds-flow-in-for-gnupg-author-after-article-reveals-his-plight/][GigaOm]]
- [[http://www.itwire.com/business-it-news/open-source/66886-facebook-stripe-pledge-funds-for-gnupg-development][IT Wire]]
- [[http://www.thegamersdrop.com/2015/02/05/facebook-stripe-pledge-100000year-broke-developer/][The Gamersdrop]]
- [[http://www.theregister.co.uk/2015/02/05/gnupg_funding/][The Register]]
French:
- [[http://www.01net.com/editorial/644468/le-chiffrement-open-source-gnupg-sauve-in-extremis-par-les-dons-des-internautes/][01net]]
German:
- [[http://www.admin-magazin.de/content/view/full/15613][Admin Magazin]]
- [[http://derstandard.at/2000011366952/Finanzierung-des-Mail-Verschluesselungsprojekts-GnuPG-gesichert][Der Standard]]
- [[http://www.handelsblatt.com/technik/it-internet/it-internet/verschluesselungsprojekt-gnupg-hat-wieder-geld/11338196.html][Handelsblatt]]
- [[http://www.heise.de/newsticker/meldung/Crowdfunding-GnuPG-Entwicklung-ist-gesichert-2542745.html][Heise]]
- [[http://www.focus.de/finanzen/news/wirtschaftsticker/unternehmen-finanzierung-von-mail-verschluesselungsprojekt-gnupg-vorerst-gesichert_id_4457801.html][Focus (dpa)]]
- [[http://www.nordbayern.de/finanzierung-von-mail-verschlusselungsprojekt-gnupg-vorerst-gesichert-1.4174524][Nürnberger Nachrichten / Nordbayern]] FIX URL!
- [[http://www.nzz.ch/mehr/digital/verschluesselte-e-mails-gnupg-spenden-1.18477365][NZZ]]
- [[http://www.spiegel.de/netzwelt/web/e-mail-verschluesselungsprojekt-gnupg-finanzierung-gesichert-a-1017120.html][Spiegel]]
- [[http://www.sueddeutsche.de/news/wirtschaft/internet-finanzierung-von-mail-verschluesselungsprojekt-gnupg-vorerst-gesichert-dpa.urn-newsml-dpa-com-20090101-150206-99-04523][Süddeutsche (dpa)]]
- [[http://www.wz-newsline.de/home/multimedia/finanzierung-von-mail-verschluesselungsprojekt-gnupg-vorerst-gesichert-1.1855606][Westdeutsche Zeitung]]
** LWN 2014-12-04
The GnuPG 2.1 release\\
Nathan Willis
[[https://lwn.net/Articles/624146/][Article]]
** Daily Mail, 2013-02-13
MI5-install-black-box-spy-devices\\
(mentioned in a sidebox)
[[http://www.dailymail.co.uk/sciencetech/article-2274388/MI5-install-black-box-spy-devices-monitor-UK-internet-traffic.html][Article]]
** NYT/IHT, 2012-11-16
Trying to Keep Your E-Mails Secret When the C.I.A. Chief Couldn’t\\
By Nicole Perlroth
[[http://www.nytimes.com/2012/11/17/technology/trying-to-keep-your-e-mails-secret-when-the-cia-chief-couldnt.html][Article]] (registration required)
** LWN 2007-12-27:
GnuPG Celebrates 10 Years\\
(Werner’s mail with comments)
[[http://lwn.net/Articles/263256/][Article]]
** Linux Journal, March 2006, pp. 52--56:
GnuPG Hacks\\
Tony Stieber
[[http://www.linuxjournal.com/article/8732][Article]]
** Salon, 2002-03-27
Pretty geeky privacy\\
Bill Lamb
[[http://www.salon.com/technology/feature/2002/03/27/gnupg][Article]]
** NYT, 1999-11-19
Germany Awards Grant for Encryption\\
Peter Wayner
[[http://partners.nytimes.com/library/tech/99/11/cyber/articles/19encrypt.html][Article]]
# [[file:~/privat/archive/nyt-1999-11-19.txt]]
* French
** Linuxfr, 2017-06-08
Journal GnuPG lance une nouvelle campagne de financement\\
gouttegd
[[https://linuxfr.org/users/gouttegd/journaux/gnupg-lance-une-nouvelle-campagne-de-financement][Article]]
* German
Here are articles originally published in German.
+** BSI, 2018-09-27
+
+ BSI-Projekt "EasyGPG": E-Mail Verschlüsselung vereinfachen
+
+ [[https://www.bsi.bund.de/DE/Themen/Kryptografie_Kryptotechnologie/Kryptografie/EasyGPG/EasyGPG.html][Artikel]]
+
+
** Heise, 2017-06-06
Neue Crowdfunding-Runde für GnuPG-Entwicklung\\
Christiane Schulzki-Haddouti
[[https://www.heise.de/newsticker/meldung/Neue-Crowdfunding-Runde-fuer-GnuPG-Entwicklung-3735804.html][Artikel]]
** Netzpolitik.org, 2016-01-26
Die Person hinter GnuPG: Werner Koch\\
Simon Rebiger
[[https://netzpolitik.org/2016/die-person-hinter-gnupg-werner-koch/][Artikel]]
** WDR 5, 2016-01-18
GnuPG und der bescheidene Herr Koch\\
'Pain in the ass' der NSA\\
Mirjam Wlodawer.
[[http://www1.wdr.de/radio/wdr5/gnupg-koch-100.html][Artikel]] [[http://podcast-ww.wdr.de/medstdp/fsk0/91/910864/wdr5neugiergenuegtdasfeature_2016-01-18_wernerkochdermanndermitgnupgdiensaherausfordertwdr5neugiergenuegtdasfeature18012016_wdr5.mp3][Podcast]]
** DR Wissen, 2015-06-12
Schlüssel für Snowden\\
(in Einhundert, "Candystorm")\\
Monika Ahrens
[[http://dradiowissen.de/beitrag/kryptografie-werner-kochs-software-f%25C3%25BCr-edward-snowden][Artikel]]
** DW, 2015-02-19
Verschlüsselung made in Deutschland\\
Matthias Von-Hein
[[http://dw.de/p/1Eebj][Artikel]]
** SZ, 2015-02-18
Wie ein Mann das E-Mail-Geheimniss verteidigt\\
Hakan Tanriverdi
[[http://www.sueddeutsche.de/digital/verschluesselungssoftware-gnu-pg-wie-ein-mann-das-e-mail-geheimnis-verteidigt-1.2355155][Artikel]]
** FAZ, 2015-02-13
Finger Weg von meinen Daten!\\
Constanze Kurz
[[http://www.faz.net/aktuell/feuilleton/aus-dem-maschinenraum/verschluesselungssoftware-finger-weg-von-meinen-daten-13416853.html][Artikel]]
** taz, 2015-02-13
Der bescheidene Herr Koch\\
Kai Schlieter
[[http://www.taz.de/Verschluesselung-mit-GnuPG/!154635/][Artikel]]
** Rheinische Post, Lokalteil 2015-02-13
400000 Euro Spende für Programmierer\\
Dag Brückner
[[http://www.rp-online.de/nrw/staedte/erkrath/400-000-euro-spende-fuer-programmierer-aid-1.4869922][Artikel]]
** netzpolitik, 2014-11-13
Verschlüsselung im Bundestag: Fördern Bundesregierung
oder BSI die freie Software GnuPG?\\
Markus Beckedahl
[[https://netzpolitik.org/2014/verschluesselung-im-bundestag-foerdern-bundesregierung-oder-bsi-die-freie-software-gnupg/][Artikel]]
** Heise Ticker 2014-11-07
GnuPG unterstützt Krypto auf Elliptischen Kurven\\
Jürgen Schmidt
http://www.heise.de/newsticker/meldung/GnuPG-unterstuetzt-Krypto-auf-Elliptischen-Kurven-2444337.html
** Linux-Magazin 2014-08
Wer bezahlt die freien Krypto-Entwickler?\\
Chronisch klamm\\
Tim Schürmann
http://www.linux-magazin.de/Ausgaben/2014/08/Finanzierung/%28language%29/ger-DE
** Saarbrücker Zeitung, 2013-10-02, Seite E6
Sicherheit mit einem Klick\\
Von Martin Schäfer
# Attachment: Saar20131002.pdf
** Spiegel Online, 2013-07-04
Schutz gegen Internet-Spione: So verschlüsseln Sie Ihre E-Mails\\
Von Friedrich Lindenberg und Christian Stöcker
[[http://www.spiegel.de/netzwelt/netzpolitik/so-verschluesseln-sie-ihre-e-mails-mit-openpgp-a-909316.html][Artikel]]
** c't, 22/2013, Seite 136
Privatsache E-Mail\\
Nachrichten verschlüsseln und signieren mit PGP
** c't 20/2012, Seite 190
Vertrauen auf den ersten Blick\\
Automatische E-Mail-Verschlüsselung mit Steed\\
Autor: Holger Bleich, Bernhard Münkel
[[http://www.heise.de/artikel-archiv/ct/2012/20/190_Vertrauen-auf-den-ersten-Blick][Artikel]] (Paywall)
** FAS, 2010-08-15
So schützen Sie Ihre Mails\\
Nils Handler
/Die Bundesregierung hat Blackberry und iPhone verbannt, weil die
Geräte zu unsicher sind. Privatleute müssen sich ebenfalls wappnen./
[[http://fazarchiv.faz.net/document/showSingleDoc/FAS__SD1201008152800208?DT_from%3D&KO%3D&timeFilter%3D&timePeriod%3DtimeFilter&dosearch%3Dy&crxdefs%3D&sext%3D0&NN%3D&BC%3D&q%3DGnuPG&search_in%3Dq&sorting%3D&DT_to%3D&CO%3D&submitSearch%3DSuchen&maxHits%3D&CN%3D&toggleFilter%3D&annr%3D186182&highlight%3D%255C%2525eAEBEQDu%252F0IqOmdudXBnLEJFR1JJRkYsL3QFFQ%253D%253D][Artikel]] (Paywall)
# Telefonat am 2010-08-12 und 2010-08-14 für
** i'X 3/2009, Seite 161
Vor 10 Jahren:\\
Verschlüsseln mit GnuPG.
** i'X 3/1999, Seite 94
Schlüsselkind\\
Freie PGP-Implementierung GnuPG
[[http://www.heise.de/kiosk/archiv/ix/1999/3/94_Freie-PGP-Implementierung-GnuPG][Artikel]] (Paywall)
diff --git a/web/documentation/security.org b/web/documentation/security.org
index c724827..67e25d0 100644
--- a/web/documentation/security.org
+++ b/web/documentation/security.org
@@ -1,29 +1,43 @@
#+TITLE: GnuPG - Security
#+STARTUP: showall
#+SETUPFILE: "../share/setup.inc"
* Security
The GnuPG Project takes the security of software it develops very
seriously. In general we prefer a [[https://en.wikipedia.org/wiki/Full_disclosure_(computer_security)][full disclosure]] approach and all
bugs listed in our [[file:bts.org][bug tracker]] as well as code changes in our [[../download/git.org][software
repository]] are public. Given that GnuPG is an important part of many
software distributions and severe bugs in GnuPG would affect their
users directly, we co-ordinate with them in private as soon as we
learn about a severe vulnerability.
Sometimes we receive pre-notifications of research which may lead to a
new kind of vulnerability. In these cases we may work with the
researchers in private on a solution and co-ordinate our fix release
with them.
+
+** Threat Model of libgcrypt
+
+For libgcrypt, as its a library, it is intended to be used widely.
+Thus, users can run the code in any environments as they wish.
+However, there are hardware which may allow access to fine-grained
+side channel. Those hardware related threats are out of the scope of
+libgcrypt threat model. It's up to users not to offer any access to
+those side channels in such use cases.
+
+
** Security contact
If you found a *severe* security problem and you do not want to
-publish it, please report it by mail to security at gnupg.org.
+publish it, please report it by mail to security at gnupg.org. We
+prefer reports in plain text format; if needed we can also work with
+PDF files. For security reasons we won't read any other complex data
+formats (e.g. docx or odt).
Note that we do not use a team OpenPGP key. Thus please write a
non-encrypted message to the security address and ask for the keys of
the developers at duty and then encrypt the mail to all of them. A
list of our core developers can be found [[../people/index.org][here]]; they are all active on
the gnupg-devel mailing list.
diff --git a/web/donate/checkout-se.org b/web/donate/checkout-se.org
index d8978b5..e70cd5f 100644
--- a/web/donate/checkout-se.org
+++ b/web/donate/checkout-se.org
@@ -1,204 +1,212 @@
# -*- html -*-
#+TITLE: GnuPG - Donate - Checkout using SEPA
#+STARTUP: showall
#+SETUPFILE: "../share/setup.inc"
#+BEGIN_HTML
This web page is
Copyright 2017 The GnuPG Project and licensed under a
Creative Commons Attribution-ShareAlike 4.0 International License. See
copying for details.
ftp.gnupg.org:%s
\n" "\n",
esc_title);
readme = fopen ("README", "r");
if (opt_readme && (readme = fopen ("README", "r")))
{
fputs ("
\n", stdout);
}
else
{
printf ("\n"
"\n"
"\n", stdout);
while (fgets (line, sizeof line, readme))
{
int no_lf = 0;
/* Eat up the rest of an incomplete line. */
if (!*line)
no_lf = 1;
else if (line[strlen (line)-1] != '\n')
{
no_lf = 1;
while ((c = getc (readme)) != EOF && c != '\n')
;
}
/* Replace empty lines with a leading doc by an empty
* line. These lines are used on FTP servers to avoid
* problems with broken FTP cleints. */
if (*line == '.')
{
for (p=line+1; (*p == ' ' || *p == '\t' || *p == '\n'); p++)
;
if (!*p)
{
putchar ('\n');
*line = 0;
}
}
if (*line)
fputs (html_escape_detect_link (line), stdout);
if (no_lf)
putchar ('\n');
}
fputs ("\n", stdout);
fclose (readme);
}
fputs ("Index of %s
\n" "![\"Traueranzeige:](\"/share/traueranzeige-g10_v2015.png\"" "\\"Article")
![\"CC](\"/share/cc-by-sa_80x15.png\")
Directories
\n" "\n"
"\n", stdout);
if (!at_root)
fputs ("
\n"
"
\n\n", stdout);
}
else if (opt_gpgweb && !at_root)
{
/* !any - need to print an UP link */
fputs ("![](\"/share/up.png\"") | "
"" "Parent Directory | ||
| " " | Directories | ||
| " "Parent Directory | |||
![](\"/share/folder.png\"") | "
"%s | ", html_escape_href (fi->name), html_escape (fi->name)); else printf ("||
| %s | ", html_escape_href (fi->name), html_escape (fi->name)); if (title) printf ("%s | ", title); fputs ("||
\n"
"\n"
"
\n"
"
\n", stdout);
}
free (title);
}
-/* Print COUNT files from the array SORTED. */
+/* Print COUNT files from the array SORTED. CWD is the current working
+ * directory. */
static void
-print_files (finfo_t *sorted, int count)
+print_files (const char *cwd, finfo_t *sorted, int count)
{
int idx;
finfo_t fi;
int any = 0;
for (idx=0; idx < count; idx++)
{
fi = sorted[idx];
if (!fi->is_reg)
continue;
if (!any && opt_html)
{
any = 1;
if (opt_gpgweb)
{
fputs (" | "
"" "Parent Directory |
Files
\n" "\n"
"\n", stdout);
}
else
fputs ("
\n"
"
\n\n", stdout);
}
}
-/* Scan DIRECTORY and print an index.
+static int
+has_image_suffix (const char *name)
+{
+ const char *suffixes[] = { "jpeg", "jpg", "png", "tiff", "gif",
+ "JPEG", "JPG", "PNG", "TIFF", "GIF" };
+ unsigned int i, n, namelen;
+
+ namelen = strlen (name);
+ for (i=0; i < DIM (suffixes); i++)
+ if (namelen > (n=strlen (suffixes[i]) + 1)
+ && name[namelen-n] == '.'
+ && !strcmp (name + namelen - n + 1, suffixes[i]))
+ return 1;
+ return 0;
+}
+
+
+/* SCAN DIRECTORY and print an index.
* FIXME: This does a chdir and does not preserve the old PWD.
- * The fix is to build the full filename beofre stat'ing.
+ * The fix is to build the full filename before stat'ing.
*/
static void
scan_directory (const char *directory, const char *title)
{
DIR *dir;
struct dirent *dentry;
finfo_t fi;
finfo_t finfo = NULL;
finfo_t *sorted;
int count = 0;
int idx;
size_t len;
strlist_t sl;
int at_root = 0;
+ char cwd[4096];
if (opt_gpgweb)
{
if (!strcmp (title, "/"))
at_root = 1;
}
else if (!strcmp (directory, "/"))
at_root = 1;
dir = opendir (directory);
if (!dir)
{
err ("can't open directory '%s': %s\n", directory, strerror (errno));
return;
}
while (errno=0,(dentry = readdir (dir)))
{
if (*dentry->d_name == '.')
continue; /* Skip self, parent, and hidden directories. */
len = strlen (dentry->d_name);
if (!len)
continue; /* Empty filenames should actually not exist. */
if (dentry->d_name[len-1] == '~')
continue; /* Skip backup files. */
for (sl = opt_exclude; sl; sl = sl->next)
if (!strcmp (sl->d, dentry->d_name))
break;
if (sl)
continue; /* Skip excluded names. */
fi = xcalloc (1, sizeof *fi + strlen (dentry->d_name));
strcpy (fi->name, dentry->d_name);
fi->next = finfo;
finfo = fi;
count++;
}
if (errno)
die ("error reading directory '%s': %s\n", directory, strerror (errno));
closedir (dir);
sorted = xcalloc (count, sizeof *sorted);
for (fi=finfo, idx=0; fi; fi = fi->next)
sorted[idx++] = fi;
inf ("directory '%s' has %d files\n", directory, count);
qsort (sorted, count, sizeof *sorted, sort_finfo);
if (chdir (directory))
die ("cannot chdir to '%s': %s\n", directory, strerror (errno));
+ if (!getcwd (cwd, sizeof cwd -1))
+ strcpy (cwd, "."); /* Ooops. */
+
for (idx=0; idx < count; idx++)
{
struct stat sb;
fi = sorted[idx];
if (stat (fi->name, &sb))
{
err ("cannot stat '%s': %s\n", fi->name, strerror (errno));
continue;
}
fi->is_dir = !!S_ISDIR(sb.st_mode);
fi->is_reg = !!S_ISREG(sb.st_mode);
fi->size = fi->is_reg? sb.st_size : 0;
fi->mtime = sb.st_mtime;
+ fi->is_image = !!has_image_suffix (fi->name);
}
print_header (title);
if (opt_files_first)
{
- print_files (sorted, count);
+ print_files (cwd, sorted, count);
print_dirs (sorted, count, at_root);
}
else
{
print_dirs (sorted, count, at_root);
- print_files (sorted, count);
+ print_files (cwd, sorted, count);
}
print_footer ();
/* We create the index file in the current directory. */
if (opt_index)
{
FILE *indexfp = fopen (opt_index, "w");
if (!indexfp)
die ("error creating '%s' for '%s': %s\n",
opt_index, directory, strerror (errno));
for (idx=0; idx < count; idx++)
{
fi = sorted[idx];
- fprintf (indexfp, "%s:%c:%llu:%lu:\n",
+ fprintf (indexfp, "%s:%c:%llu:%lu:%s:\n",
percent_escape (fi->name),
fi->is_dir? 'd':
fi->is_reg? 'r': '?',
fi->size,
- (unsigned long)fi->mtime);
+ (unsigned long)fi->mtime,
+ (opt_thumb && fi->is_image)?
+ get_thumbnail (cwd, fi->name) : "");
}
if (ferror (indexfp))
die ("error writing '%s' for '%s': %s\n",
opt_index, directory, strerror (errno));
/* Fixme: Check for close errors. */
fclose (indexfp);
}
free (sorted);
while ((fi = finfo))
{
fi = finfo->next;
free (finfo);
finfo = fi;
}
}
int
main (int argc, char **argv)
{
int last_argc = -1;
strlist_t sl;
+ assert (sizeof (u32) == 4);
+ {
+ union { u32 u; char b[4]; } foo;
+ foo.u = 32;
+ big_endian_host = !foo.b[0];
+ }
+
if (argc < 1)
die ("Hey, read up on how to use exec(2)\n");
argv++; argc--;
while (argc && last_argc != argc )
{
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--version"))
{
fputs (PGMNAME " " VERSION "\n"
"Copyright (C) 2017 g10 Code GmbH\n"
"License GPLv3+: GNU GPL version 3 or later"
" Files | |||
![](\"/share/%s.png\"") | "
"%s | " "%s | %s |
| "
+ " | "
+ "%s | %s | |
| %s | " "%s | %s | |
Summary
Single Euro Payments Area credit transfers can be used to transfer Euro within the 34 states of the European Union and 6 associated states.
Please send your donation to this bank account:
For a recurring donation please apply the instructions of your bank on how to enter a recurring payment (standing order).
- Always take care to give + Please use as reference so that we can match your name with your actual donation and list you as donor if desired. The given reference number expires in 30 days, thus please act in time. You may of course send a different amount but please send at least 5 Euro to cover the overhead costs.
+
+ Some banking interfaces require to enter the address of the account
+ owner:
+ g10 Code GmbH
+ Hüttenstr. 61
+ 40699 Erkrath
+ Germany
+
Thank you in advance for your donation.
This web page is
Copyright 2017 The GnuPG Project and licensed under a
Creative Commons Attribution-ShareAlike 4.0 International License. See
copying for details.