X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=doc%2Ffeedback.but;h=e0854fc54311d930c41b2fb15c54a1d76009d16c;hb=359b5c8eb45ff56c62032cf147fcdb3723d54324;hp=30b644441675cd5c8ac4bedcb0f6d8871a96228c;hpb=d4a365000edc11c470dc296fb20461e818d4da3d;p=PuTTY.git diff --git a/doc/feedback.but b/doc/feedback.but index 30b64444..e0854fc5 100644 --- a/doc/feedback.but +++ b/doc/feedback.but @@ -1,5 +1,3 @@ -\define{versionidfeedback} \versionid $Id$ - \A{feedback} \ii{Feedback} and \i{bug reporting} This is a guide to providing feedback to the PuTTY development team. @@ -52,6 +50,9 @@ the URL; that way, we don't have to download it unless we decide we actually need it, and only one of us needs to download it instead of it being automatically copied to all the developers. +(If the file contains confidential information, then you could encrypt +it with our Secure Contact Key; see \k{pgpkeys-pubkey} for details.) + Some people like to send mail in MS Word format. Please \e{don't} send us bug reports, or any other mail, as a Word document. Word documents are roughly fifty times larger than writing the same @@ -98,6 +99,9 @@ specific to using the SSH protocol; \b \W{news:comp.terminals}\c{comp.terminals}, for issues relating to terminal emulation (for instance, keyboard problems). +Please use the newsgroup most appropriate to your query, and remember +that these are general newsgroups, not specifically about PuTTY. + If you don't have direct access to Usenet, you can access these newsgroups through Google Groups (\W{http://groups.google.com/}\cw{groups.google.com}). @@ -200,6 +204,20 @@ will explain what you need to know. \e{Then}, if you think the documentation could usefully have told you that, send us a bug report and explain how you think we should change it. +\H{feedback-vulns} Reporting security vulnerabilities + +If you've found a security vulnerability in PuTTY, you might well want +to notify us using an encrypted communications channel, to avoid +disclosing information about the vulnerability before a fixed release +is available. + +For this purpose, we provide a GPG key suitable for encryption: the +Secure Contact Key. See \k{pgpkeys-pubkey} for details of this. + +(Of course, vulnerabilities are also bugs, so please do include as +much information as possible about them, the same way you would with +any other bug report.) + \H{feedback-features} Requesting extra features If you want to request a new feature in PuTTY, the very first things @@ -356,31 +374,43 @@ and ask. Just go ahead and do it. We don't mind. (If you want to distribute PuTTY alongside your own application for use with that application, or if you want to distribute PuTTY within -your own organisation, then we recommend you offer your own -first-line technical support, to answer questions about the -interaction of PuTTY with your environment. If your users mail us -directly, we won't be able to tell them anything useful about your -specific setup.) +your own organisation, then we recommend, but do not insist, that +you offer your own first-line technical support, to answer questions +about the interaction of PuTTY with your environment. If your users +mail us directly, we won't be able to tell them anything useful about +your specific setup.) If you want to use parts of the PuTTY source code in another program, then it might be worth mailing us to talk about technical details, but if all you want is to ask permission then you don't need to bother. You already have permission. +If you just want to link to our web site, just go ahead. (It's not +clear that we \e{could} stop you doing this, even if we wanted to!) + \H{feedback-mirrors} Mirroring the PuTTY web site -\#{This paragraph also in putty-website/mirrors.html} -Mirrors of the PuTTY web site are welcome, especially in regions not -well covered by existing mirrors. (However, if you're in a region that is -already well served by mirrors, you should consider whether yet another one -will be worth the effort.) Please don't bother asking us for permission before +\# the next two paragraphs also on the Mirrors page itself, with +\# minor context changes + +If you want to set up a mirror of the PuTTY website, go ahead and +set one up. Please don't bother asking us for permission before setting up a mirror. You already have permission. -If you mail us \e{after} you have set up the mirror and checked that -it works, and remember to let us know which country your mirror is in, -then we'll add it to the -\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/mirrors.html}{Mirrors -page} on the PuTTY website. +If the mirror is in a country where we don't already have plenty of +mirrors, we may be willing to add it to the list on our +\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/mirrors.html}{mirrors +page}. Read the guidelines on that page, make sure your mirror +works, and email us the information listed at the bottom of the +page. + +Note that we do not \e{promise} to list your mirror: we get a lot of +mirror notifications and yours may not happen to find its way to the +top of the list. + +Also note that we link to all our mirror sites using the +\c{rel="nofollow"} attribute. Running a PuTTY mirror is not intended +to be a cheap way to gain search rankings. If you have technical questions about the process of mirroring, then you might want to mail us before setting up the mirror (see also the