Package: developers-reference Version: 3.4.18 Severity: wishlist Tags: patch The document "OpenPGP Best Practices"[1] is often recommended to new contributors. It is more up-to-date than the PGP FAQ. It would be great to include a link to this document in the Developer's Reference. git-am(1)-compatible patch attached. [1] https://riseup.net/en/security/message-security/openpgp/best-practices -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing') Architecture: i386 (i686) Kernel: Linux 4.5.0-2-686-pae (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) developers-reference depends on no packages. Versions of packages developers-reference recommends: ii debian-policy 3.9.8.0 Versions of packages developers-reference suggests: ii doc-base 0.10.7 -- no debconf information -- Sean Whitton
From 26639c8ed362c9e2ace65c0663a0b32876f48479 Mon Sep 17 00:00:00 2001 From: Sean Whitton <spwhitton@spwhitton.name> Date: Thu, 11 Aug 2016 11:34:30 -0700 Subject: [PATCH] add link to "OpenPGP Best Practices" --- common.ent | 1 + developer-duties.dbk | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/common.ent b/common.ent index 812a800..c1bb73d 100644 --- a/common.ent +++ b/common.ent @@ -138,6 +138,7 @@ <!ENTITY url-gpl "https://www.gnu.org/copyleft/gpl.html"> <!ENTITY url-pgp-faq "http://www.cam.ac.uk.pgp.net/pgpnet/pgp-faq/"> <!ENTITY url-rfc2440 "https://www.rfc-editor.org/rfc/rfc2440.txt"> +<!ENTITY url-openpgp-best-practices "https://riseup.net/en/security/message-security/openpgp/best-practices"> <!ENTITY url-openprojects "https://www.freenode.net/"> <!ENTITY url-oftc "http://www.oftc.net/oftc/"> <!ENTITY url-l10n-tp "https://translationproject.org/html/welcome.html"> diff --git a/developer-duties.dbk b/developer-duties.dbk index 1b5643f..e0e06fd 100644 --- a/developer-duties.dbk +++ b/developer-duties.dbk @@ -144,7 +144,8 @@ Be very careful with your private keys. Do not place them on any public servers or multiuser machines, such as the Debian servers (see <xref linkend="server-machines"/>). Back your keys up; keep a copy offline. Read the documentation that comes with your software; read the <ulink -url="&url-pgp-faq;">PGP FAQ</ulink>. +url="&url-pgp-faq;">PGP FAQ</ulink> and <ulink +url="&url-openpgp-best-practices;">OpenPGP Best Practices</ulink>. </para> <para> You need to ensure not only that your key is secure against being stolen, but -- 2.8.1
Attachment:
signature.asc
Description: PGP signature