Browse Source

Updated URLs.

Moved archived repositories to separate page.
dev
Franco Masotti 4 months ago
parent
commit
1b2bf116b6
Signed by: frnmst GPG Key ID: 24116ED85666780A
  1. 117
      _pages/software.md
  2. 59
      _pages/software_archived.md
  3. 37
      _pages/software_instructions.md

117
_pages/software.md

@ -10,9 +10,6 @@ permalink: /software/
- [Table of contents](#table-of-contents)
- [Introduction](#introduction)
- [Extract](#extract)
- [Signing keys](#signing-keys)
- [Instructions](#instructions)
- [Software](#software)
- [automated-tasks](#automated-tasks)
- [Repository](#repository)
@ -46,18 +43,10 @@ permalink: /software/
- [Repository](#repository-7)
- [Documentation](#documentation-7)
- [Releases](#releases-7)
- [monthly-attendance-paper](#monthly-attendance-paper)
- [the-flux-of-thought](#the-flux-of-thought)
- [Repository](#repository-8)
- [Documentation](#documentation-8)
- [Releases](#releases-8)
- [the-flux-of-thought](#the-flux-of-thought)
- [Repository](#repository-9)
- [Documentation](#documentation-9)
- [Releases](#releases-9)
- [qvm](#qvm)
- [Repository](#repository-10)
- [Documentation](#documentation-10)
- [Releases](#releases-10)
<!--TOC-->
@ -65,37 +54,12 @@ permalink: /software/
This page is the only *real* trusted source of some of my software, publicly available on the Internet.
Here you will find methods to assert the authenticity of the presented software packages.
You may contact me directly to obtain the public key fingerprint in a different way.
### Extract
The following extract is from a [post by Mike Gerwitz](https://mikegerwitz.com/2012/05/a-git-horror-story-repository-integrity-with-signed-commits#trust):
> Git Host
>>
>> Git hosting providers are probably the most easily overlooked trustees—providers like Gitorious, GitHub, Bitbucket, SourceForge, Google Code, etc. Each provides hosting for your repository and “secures” it by allowing only you, or other authorized users, to push to it, often with the use of SSH keys tied to an account. By using a host as the primary holder of your repository—the repository from which most clone and push to—you are entrusting them with the entirety of your project; you are stating, “Yes, I trust that my source code is safe with you and will not be tampered with”. This is a dangerous assumption. Do you trust that your host properly secures your account information? Furthermore, bugs exist in all but the most trivial pieces of software, so what is to say that there is not a vulnerability just waiting to be exploited in your host’s system, completely compromising your repository?
>>
>> It was not too long ago (March 4th, 2012) that a public key security vulnerability at GitHub was exploited by a Russian man named Egor Homakov, allowing him to successfully commit to the master branch of the Ruby on Rails framework repository hosted on GitHub. Oops.
Copyright © 2019 Mike Gerwitz. Licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
## Signing keys
| Key | Fingerprint |
|-----|-------------|
| [pgp_pubkey_since_2019.txt]({{ site.baseurl }}/pubkeys/pgp_pubkey_since_2019.txt) | [pgp_pubkey_fingerprint_since_2019.txt]({{ site.baseurl }}/pubkeys/pgp_pubkey_fingerprint_since_2019.txt) |
## Instructions
[instructions]({{ site.baseurl }}/software/instructions)
## Software
### automated-tasks
- [instructions]({{ site.baseurl }}/software/instructions)
- [archived software]({{ site.baseurl }}/software/archived)
status: active
### automated-tasks
#### Repository
@ -123,12 +87,8 @@ status: active
- [`6.0.0`]({{ site.baseurl }}/software/automated-tasks-6.0.0/release.html)
- [`5.0.0`]({{ site.baseurl }}/software/automated-tasks-5.0.0/release.html)
---
### django-futils
status: active
#### Repository
- [canonical repository](https://software.franco.net.eu.org/frnmst/django-futils)
@ -149,12 +109,8 @@ status: active
- [`0.0.2`]({{ site.baseurl }}/software/django-futils-0.0.2/release.html)
- [`0.0.1`]({{ site.baseurl }}/software/django-futils-0.0.1/release.html)
---
### docker-debian-postgis-django
status: active
#### Repository
- [canonical repository](https://software.franco.net.eu.org/frnmst/docker-debian-postgis-django)
@ -181,12 +137,8 @@ status: active
- [`0.0.2`]({{ site.baseurl }}/software/docker-debian-postgis-django-0.0.2/release.html)
- [`0.0.1`]({{ site.baseurl }}/software/docker-debian-postgis-django-0.0.1/release.html)
---
### fattura-elettronica-reader
status: active
#### Repository
- [canonical repository](https://software.franco.net.eu.org/frnmst/fattura-elettronica-reader)
@ -209,12 +161,8 @@ status: active
- [`2.0.0`]({{ site.baseurl }}/software/fattura-elettronica-reader-2.0.0/release.html)
- [`1.0.0`]({{ site.baseurl }}/software/fattura-elettronica-reader-1.0.0/release.html)
---
### fpydocs
status: active
#### Repository
- [canonical repository](https://software.franco.net.eu.org/frnmst/fpydocs)
@ -234,12 +182,8 @@ status: active
- [`1.0.0`]({{ site.baseurl }}/software/fpydocs-1.0.0/release.html)
- [`0.0.1`]({{ site.baseurl }}/software/fpydocs-0.0.1/release.html)
---
### fpyutils
status: active
#### Documentation
- [docs.franco.net.eu.org/fpyutils](https://docs.franco.net.eu.org/fpyutils)
@ -260,12 +204,8 @@ status: active
- [`1.2.1`]({{ site.baseurl }}/software/fpyutils-1.2.1/release.html)
- [`1.2.0`]({{ site.baseurl }}/software/fpyutils-1.2.0/release.html)
---
### licheck
status: active
#### Repository
- [canonical repository](https://software.franco.net.eu.org/frnmst/licheck)
@ -282,12 +222,8 @@ status: active
- [`0.0.2`]({{ site.baseurl }}/software/licheck-0.0.2/release.html)
- [`0.0.1`]({{ site.baseurl }}/software/licheck-0.0.1/release.html)
---
### md-toc
status: active
#### Repository
- [canonical repository](https://software.franco.net.eu.org/frnmst/md-toc)
@ -309,31 +245,8 @@ status: active
- [`7.0.4`]({{ site.baseurl }}/software/md-toc-7.0.4/release.html)
- [`7.0.3`]({{ site.baseurl }}/software/md-toc-7.0.3/release.html)
---
### monthly-attendance-paper
status: deprecated
#### Repository
- [canonical repository](https://software.franco.net.eu.org/frnmst/monthly-attendance-paper)
- [Codeberg](https://codeberg.org/frnmst/monthly-attendance-paper)
#### Documentation
- [software.franco.net.eu.org/frnmst/monthly-attendance-paper#monthly-attendance-paper](https://software.franco.net.eu.org/frnmst/monthly-attendance-paper#monthly-attendance-paper)
#### Releases
- [`0.0.2`]({{ site.baseurl }}/software/monthly-attendance-paper-0.0.2/release.html)
---
### the-flux-of-thought
status: active
#### Repository
- [canonical repository](https://software.franco.net.eu.org/frnmst/the-flux-of-thought)
@ -347,25 +260,3 @@ status: active
- [`4.0.0`]({{ site.baseurl }}/software/the-flux-of-thought-4.0.0/release.html)
- [`3.0.0`]({{ site.baseurl }}/software/the-flux-of-thought-3.0.0/release.html)
---
### qvm
status: deprecated
#### Repository
- [canonical repository](https://software.franco.net.eu.org/frnmst/qvm)
- [GitHub](https://github.com/frnmst/qvm)
- [Codeberg](https://codeberg.org/frnmst/qvm)
#### Documentation
- [software.franco.net.eu.org/frnmst/qvm#qvm](https://software.franco.net.eu.org/frnmst/qvm#qvm)
#### Releases
- [`1.0.6`]({{ site.baseurl }}/software/qvm-1.0.6/release.html)
- [`1.0.5`]({{ site.baseurl }}/software/qvm-1.0.5/release.html)
- [`1.0.4`]({{ site.baseurl }}/software/qvm-1.0.4/release.html)

59
_pages/software_archived.md

@ -0,0 +1,59 @@
---
layout: page
title: Archived software
permalink: /software/archived
---
## Table of contents
<!--TOC-->
- [Table of contents](#table-of-contents)
- [Archived Software](#archived-software)
- [monthly-attendance-paper](#monthly-attendance-paper)
- [Repository](#repository)
- [Documentation](#documentation)
- [Releases](#releases)
- [qvm](#qvm)
- [Repository](#repository-1)
- [Documentation](#documentation-1)
- [Releases](#releases-1)
<!--TOC-->
## Archived Software
[Instructions]({{ site.baseurl }}/software/instructions)
### monthly-attendance-paper
#### Repository
- [canonical repository](https://software.franco.net.eu.org/frnmst/monthly-attendance-paper)
- [Codeberg](https://codeberg.org/frnmst/monthly-attendance-paper)
#### Documentation
- [software.franco.net.eu.org/frnmst-archives/monthly-attendance-paper#monthly-attendance-paper](https://software.franco.net.eu.org/frnmst-archives/monthly-attendance-paper#monthly-attendance-paper)
#### Releases
- [`0.0.2`]({{ site.baseurl }}/software/monthly-attendance-paper-0.0.2/release.html)
### qvm
#### Repository
- [canonical repository](https://software.franco.net.eu.org/frnmst-archives/qvm)
- [GitHub](https://github.com/frnmst/qvm)
- [Codeberg](https://codeberg.org/frnmst/qvm)
#### Documentation
- [software.franco.net.eu.org/frnmst-archives/qvm#qvm](https://software.franco.net.eu.org/frnmst-archives/qvm#qvm)
#### Releases
- [`1.0.6`]({{ site.baseurl }}/software/qvm-1.0.6/release.html)
- [`1.0.5`]({{ site.baseurl }}/software/qvm-1.0.5/release.html)
- [`1.0.4`]({{ site.baseurl }}/software/qvm-1.0.4/release.html)

37
_pages/software_instructions.md

@ -9,9 +9,12 @@ permalink: /software/instructions/
<!--TOC-->
- [Table of contents](#table-of-contents)
- [Introduction](#introduction)
- [Extract](#extract)
- [Signing keys](#signing-keys)
- [Terminology](#terminology)
- [Methods](#methods)
- [Upload](#upload)
- [Upload (what I have to do)](#upload-what-i-have-to-do)
- [Get the variables](#get-the-variables)
- [Create an archive](#create-an-archive)
- [Signing](#signing)
@ -21,16 +24,40 @@ permalink: /software/instructions/
- [Create a new release file](#create-a-new-release-file)
- [Update the changelog](#update-the-changelog)
- [Update the table of contents](#update-the-table-of-contents)
- [Download](#download)
- [Download (what you have to do)](#download-what-you-have-to-do)
- [Get the public key](#get-the-public-key)
- [Download the repository](#download-the-repository)
- [Check the signature](#check-the-signature)
- [Run the checksums](#run-the-checksums)
- [Extract](#extract)
- [Extract](#extract-1)
- [Python project on PyPI](#python-project-on-pypi-1)
<!--TOC-->
## Introduction
Here you will find methods to assert the authenticity of the presented software packages.
## Extract
The following extract is from a [post by Mike Gerwitz](https://mikegerwitz.com/2012/05/a-git-horror-story-repository-integrity-with-signed-commits#trust):
> Git Host
>>
>> Git hosting providers are probably the most easily overlooked trustees—providers like Gitorious, GitHub, Bitbucket, SourceForge, Google Code, etc. Each provides hosting for your repository and “secures” it by allowing only you, or other authorized users, to push to it, often with the use of SSH keys tied to an account. By using a host as the primary holder of your repository—the repository from which most clone and push to—you are entrusting them with the entirety of your project; you are stating, “Yes, I trust that my source code is safe with you and will not be tampered with”. This is a dangerous assumption. Do you trust that your host properly secures your account information? Furthermore, bugs exist in all but the most trivial pieces of software, so what is to say that there is not a vulnerability just waiting to be exploited in your host’s system, completely compromising your repository?
>>
>> It was not too long ago (March 4th, 2012) that a public key security vulnerability at GitHub was exploited by a Russian man named Egor Homakov, allowing him to successfully commit to the master branch of the Ruby on Rails framework repository hosted on GitHub. Oops.
Copyright © 2019 Mike Gerwitz. Licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
## Signing keys
You may contact me directly to obtain the public key fingerprint in a different way.
| Key | Fingerprint |
|-----|-------------|
| [pgp_pubkey_since_2019.txt]({{ site.baseurl }}/pubkeys/pgp_pubkey_since_2019.txt) | [pgp_pubkey_fingerprint_since_2019.txt]({{ site.baseurl }}/pubkeys/pgp_pubkey_fingerprint_since_2019.txt) |
## Terminology
- `project_dir`: the full path directory of the project
@ -44,7 +71,7 @@ permalink: /software/instructions/
## Methods
### Upload
### Upload (what I have to do)
What follows are the steps I use to upload the software on this page.
@ -121,7 +148,7 @@ Update the changelog file at `_software/CHANGELOG-${project}.md`:
md_toc -p github -l 6 software.md
### Download
### Download (what you have to do)
Run the following to download and verify the software.

Loading…
Cancel
Save