Recent changes to this wiki:

popup: Hide template content from rendered documentation
Bug: https://bugs.debian.org/898836
diff --git a/doc/templates/popup.mdwn b/doc/templates/popup.mdwn
index b721a95f9..f552bb59a 100644
--- a/doc/templates/popup.mdwn
+++ b/doc/templates/popup.mdwn
@@ -10,7 +10,7 @@ large for good usability.
 Note that browsers that do not support the CSS will display the popup
 inline in the page, inside square brackets.
 
-[[templatebody <<ENDBODY
+[[!templatebody <<ENDBODY
 <span class="popup"><TMPL_VAR mouseover>
 <span class="paren">[</span><span class="balloon"><TMPL_VAR popup></span><span class="paren">]</span>
 </span>

bug report for error when python-future is installed
diff --git a/doc/bugs/installing_python-future_causes_non-fatal_error.mdwn b/doc/bugs/installing_python-future_causes_non-fatal_error.mdwn
new file mode 100644
index 000000000..d9b0dcbf9
--- /dev/null
+++ b/doc/bugs/installing_python-future_causes_non-fatal_error.mdwn
@@ -0,0 +1,18 @@
+On Trisquel 8.0, if you have the `python-future` package installed, this causes the wrong module to get loaded by python2.7.
+
+In `/usr/lib/ikiwiki/plugins/proxy.py`:
+
+
+    try:  # Python 3
+        import xmlrpc.server as _xmlrpc_server
+    except ImportError:  # Python 2
+        import SimpleXMLRPCServer as _xmlrpc_server
+
+`xmlrpc.server` gets loaded even though we are using python2.7. This causes the following non-fatal error when pushing to the git repo:
+
+    remote: Traceback (most recent call last):
+    remote:   File "/usr/lib/ikiwiki/plugins/rst", line 45, in <module>
+    remote:     from proxy import IkiWikiProcedureProxy
+    remote:   File "/usr/lib/ikiwiki/plugins/proxy.py", line 72, in <module>
+    remote:     class _IkiWikiExtPluginXMLRPCDispatcher(_xmlrpc_server.SimpleXMLRPCDispatcher):
+    remote: AttributeError: 'module' object has no attribute 'SimpleXMLRPCDispatcher'

fix link
diff --git a/doc/users/kjs.mdwn b/doc/users/kjs.mdwn
index fe0153dd9..a39e53ed3 100644
--- a/doc/users/kjs.mdwn
+++ b/doc/users/kjs.mdwn
@@ -35,7 +35,7 @@ run my code without checking it first.* I can't stress this enough.
 
 [[!table  data="""
 Description | branch/repository
-Repo with only my tweaked files to be installed as third party plugins via `libdir`. See [[install]] for info howto install. | [[!template id=gitbranch branch=kjs/ikiplugs author="kjs"]]
+Repo with only my tweaked files to be installed as third party plugins via `libdir`. See [[plugins/install]] for info howto install. | [[!template id=gitbranch branch=kjs/ikiplugs author="kjs"]]
 Branch where all my changes are kept in the ikiwiki tree the ikiwiki running kalleswork.net: | [[!template id=gitbranch branch=kjs/kalleswork author="kjs"]]
 Branch with only the changes to the [[plugins/img]] plugin: | [[!template id=gitbranch branch=kjs/kjsimg author="kjs"]]
 Branch with only the changes to the [[plugins/contrib/album]] plugin: | [[!template id=gitbranch branch=kjs/kjsalbum author="kjs"]]

Update with info about my branches and changes to img/album plugins
diff --git a/doc/users/kjs.mdwn b/doc/users/kjs.mdwn
index 0519cf926..fe0153dd9 100644
--- a/doc/users/kjs.mdwn
+++ b/doc/users/kjs.mdwn
@@ -6,19 +6,8 @@ Websites using ikiwiki:
 * <http://img.kalleswork.net>
 * <http://stockholm.kalleswork.net>
 
-
-[[!template id=gitbranch branch=kjs/kalleswork.net author="[[Kalle Söderman|kjs]]"]]
-
-Mostly using ikiwiki with the [[/plugins/contrib/album/]] and [[plugins/osm]]
-plugins. My git repo with tweaks including the simplebw theme and various
-changes to the [[plugins/contrib/album]] plugin and templates can be found in
-my kalleswork.net branch
-
-Note that the kalleswork.net branch is all my changes piled into one branch
-that I compile to run my sites. 
-
-**I can't code (clone my repo above if you don't believe me!) so noone should
-run my code without checking it first.** I can't stress this enough.
+Mostly using ikiwiki with tweaked versions of the [[/plugins/contrib/album/]] and [[plugins/osm]]
+plugins. 
 
 The main changes I've done are the following
 
@@ -36,7 +25,20 @@ link to the album. Useful for visual index of albums.
 * Extract GPS data and populate a [[plugins/osm]] waypoint if available.
 * Add span around osm icon to allow for styling.
 
-For my public websites above have been using the tweaked img plugin for many months now. It works well except when deleting images, this seems to require a removal of the indexdb and a rebuild... not very convenient.
+For my public websites above have been using the tweaked img plugin for many years now. It works well except when deleting images, this seems to require a removal of the indexdb and a rebuild... not very convenient. My websites have about 3500 images each and takes almost 15min to rebuild but this is not really an issue for my usage.
+
+
+*I can't code (clone my repo above if you don't believe me!) so noone should
+run my code without checking it first.* I can't stress this enough.
+
+### Git branches/repos
 
-A simple test wiki with downloadable setup and data can be found at:
-<http://src.kalleswork.net/masterbranch/>
+[[!table  data="""
+Description | branch/repository
+Repo with only my tweaked files to be installed as third party plugins via `libdir`. See [[install]] for info howto install. | [[!template id=gitbranch branch=kjs/ikiplugs author="kjs"]]
+Branch where all my changes are kept in the ikiwiki tree the ikiwiki running kalleswork.net: | [[!template id=gitbranch branch=kjs/kalleswork author="kjs"]]
+Branch with only the changes to the [[plugins/img]] plugin: | [[!template id=gitbranch branch=kjs/kjsimg author="kjs"]]
+Branch with only the changes to the [[plugins/contrib/album]] plugin: | [[!template id=gitbranch branch=kjs/kjsalbum author="kjs"]]
+Branch with only my simplebw [[themes]] designed for the above plugins: | [[!template id=gitbranch branch=kjs/kjs-simplebw-theme author="kjs"]]
+Branch with only minor tweaks to standard ikiwiki templates: | [[!template id=gitbranch branch=kjs/kjsadjust author="kjs"]]
+"""]]

added osm pois number for one of my sites
diff --git a/doc/plugins/osm/discussion.mdwn b/doc/plugins/osm/discussion.mdwn
index 14008b1da..2a41b35d2 100644
--- a/doc/plugins/osm/discussion.mdwn
+++ b/doc/plugins/osm/discussion.mdwn
@@ -66,9 +66,12 @@ For usability it would be great if it was possible to display the active waypoin
 
 ----
 
-Just stumbled onto this. Original poster of this issue.
+Just stumbled onto this. 
 
 With regards to features lost my only concern would be customizable waypoint icons. It would be really great to be able to at least change colour from the config. The wishlist point of generating one file per waypoint might solve an issue I have with osm only showing the most recently added waypoints unless I rebuild. I have however a huge number of waypoints.
 
 Looks like good changes to me!
+
+> did a grep `Placemark pois.kml|wc -l` which returned 3468. Which perhaps isn't that much? I'm thinking about how individual poi files might affect performance. My performance troubles are more likely to be with my tweaked album and img plugins though.
+
 --[[kjs]]

diff --git a/doc/plugins/osm/discussion.mdwn b/doc/plugins/osm/discussion.mdwn
index 80f6a318e..14008b1da 100644
--- a/doc/plugins/osm/discussion.mdwn
+++ b/doc/plugins/osm/discussion.mdwn
@@ -63,3 +63,12 @@ For usability it would be great if it was possible to display the active waypoin
 - What needs scrubbing? Have we covered all the bases? Too many bases?
 - Should we vendor Leaflet into an underlay, instead of needing a URL to load it from a CDN? [[schmonz]] somewhat prefers this, so we avoid needing external resources by default, avoid breaking when the Leaflet CDN is down, etc.
 - Should we write some tests before merging? `osm.pm` hadn't had any, FWIW
+
+----
+
+Just stumbled onto this. Original poster of this issue.
+
+With regards to features lost my only concern would be customizable waypoint icons. It would be really great to be able to at least change colour from the config. The wishlist point of generating one file per waypoint might solve an issue I have with osm only showing the most recently added waypoints unless I rebuild. I have however a huge number of waypoints.
+
+Looks like good changes to me!
+--[[kjs]]

Update upstream project name (it's "mandoc" now).
diff --git a/doc/plugins/contrib/mandoc.mdwn b/doc/plugins/contrib/mandoc.mdwn
index 672a268cc..464aec63c 100644
--- a/doc/plugins/contrib/mandoc.mdwn
+++ b/doc/plugins/contrib/mandoc.mdwn
@@ -3,7 +3,7 @@
 [[!tag type/format]]
 
 This plugin lets ikiwiki convert Unix man pages to HTML. It uses
-[mdocml](http://mdocml.bsd.lv/) for the conversion, and postprocesses
+[mandoc](http://mandoc.bsd.lv) for the conversion, and postprocesses
 xrefs into hyperlinks.
 
 Possible enhancements:

bug
diff --git a/doc/bugs/libmarkdown_segfault_led_to_wedged_site.mdwn b/doc/bugs/libmarkdown_segfault_led_to_wedged_site.mdwn
new file mode 100644
index 000000000..f70cd1999
--- /dev/null
+++ b/doc/bugs/libmarkdown_segfault_led_to_wedged_site.mdwn
@@ -0,0 +1,28 @@
+Interleaving logs from ikiwiki and the kernel:
+
+	[Wed May 02 15:50:32.307921 2018] [cgi:error] [pid 4914:tid 3031423808] [client 74.113.40.30:12004] AH01215: To /home/b-waldeneffect-org/source.git: /var/www/b-waldeneffect-org/ikiwiki.cgi, referer: http://www.waldeneffect.org/ikiwiki.cgi?do=blog&from=pending&subpage=1&title=Pros+and+cons+of+the+community+garden
+	[Wed May 02 15:50:32.308000 2018] [cgi:error] [pid 4914:tid 3031423808] [client 74.113.40.30:12004] AH01215:    0c67dc578..893cc6e9b  master -> master: /var/www/b-waldeneffect-org/ikiwiki.cgi, referer: http://www.waldeneffect.org/ikiwiki.cgi?do=blog&from=pending&subpage=1&title=Pros+and+cons+of+the+community+garden
+	May 02 15:50:50 pell kernel: ikiwiki[5054]: segfault at bf7d3ffc ip b6ec9e63 sp bf7d4000 error 6 in libmarkdown.so.2.2.2[b6ec7000+11000]
+	[Wed May 02 15:50:50.222077 2018] [cgi:error] [pid 4914:tid 3031423808] [client 74.113.40.30:12004] End of script output before headers: ikiwiki.cgi, referer: http://www.waldeneffect.org/ikiwiki.cgi?do=blog&from=pending&subpage=1&title=Pros+and+cons+of+the+community+garden
+	[Wed May 02 16:15:48.013597 2018] [cgi:error] [pid 10708:tid 2838391616] [client 74.113.40.30:11989] AH01215:    893cc6e9b..c4f23b861  master -> master: /var/www/b-waldeneffect-org/ikiwiki.cgi, referer: http://www.waldeneffect.org/ikiwiki.cgi?do=blog&from=pending&subpage=1&title=Advantages+and+disadvantages+of+a+community+garden
+	[Wed May 02 16:15:57.921670 2018] [cgi:error] [pid 10708:tid 2838391616] [client 74.113.40.30:11989] AH01215: /home/b-waldeneffect-org/public_html/pending/Pros_and_cons_of_the_community_garden/index.html independently created, not overwriting with version from pending/Pros_and_cons_of_the_community_garden: /var/www/b-waldeneffect-org/ikiwiki.cgi, referer: http://www.waldeneffect.org/ikiwiki.cgi?do=blog&from=pending&subpage=1&title=Advantages+and+disadvantages+of+a+community+garden
+
+So, apparently an img directive led to libmarkdown segfaulting, crashing
+ikiwiki after it had rendered a html file but before it made note that it
+had done so. 
+
+The user saw an "Internal server error" and hit reload, which
+failed due to the "independently created, not overwriting" check. The site
+was then wedged not accepting edits until manually fixed.
+
+After deleting the html file, `ikiwiki --refresh` successfully built
+things, without libmarkdown segfaulting this time. I don't know if this was
+a transient libmarkdown bug or a memory glitch. 
+
+Either way, seems that ikiwiki could better handle recovery from this kind
+of scenario. The "independently created" check has a security benefit...
+Perhaps ikiwiki could keep a log file of destdir files it's recently
+created but has yet to record in the index, and then the check can be
+skipped for those files.
+
+--[[Joey]] 

Initial description
diff --git a/doc/todo/Change_the_ikiwiki.info_search_box_to_not_using_Google.mdwn b/doc/todo/Change_the_ikiwiki.info_search_box_to_not_using_Google.mdwn
new file mode 100644
index 000000000..6adc051dc
--- /dev/null
+++ b/doc/todo/Change_the_ikiwiki.info_search_box_to_not_using_Google.mdwn
@@ -0,0 +1,5 @@
+The search box on ikiwiki uses Google to look for documentation. Unfortunately to use the result page one have to accept Google terms of use, which may be annoying (since it is full of tracker and a real privacy nightmare).
+
+Would it be possible to change the default behavior to use another search engine more privacy friendly such as https://duckduckgo.com or https://qwant.com.
+
+With both engines adding the "site:ikiwiki.info" string to the search terms limit results to these present on ikiwiki.info.

Add missing comma.
diff --git a/doc/todo/merge_tincho-osm_branch.mdwn b/doc/todo/merge_tincho-osm_branch.mdwn
index 96042a5a2..26d6bf0eb 100644
--- a/doc/todo/merge_tincho-osm_branch.mdwn
+++ b/doc/todo/merge_tincho-osm_branch.mdwn
@@ -2,7 +2,7 @@
 greatly simplifies the code, and would let us close
 [[replace openlayers with leaflet]]
 and
-[[bugs/osm plugin fails to display map with javascript error]]
+[[bugs/osm plugin fails to display map with javascript error]],
 at the cost of removing some features.
 
 The branch already incorporates changes from my review and additional fixes.

Fix bug WikiLink in previous.
diff --git a/doc/todo/merge_tincho-osm_branch.mdwn b/doc/todo/merge_tincho-osm_branch.mdwn
index 4318f57de..96042a5a2 100644
--- a/doc/todo/merge_tincho-osm_branch.mdwn
+++ b/doc/todo/merge_tincho-osm_branch.mdwn
@@ -2,7 +2,7 @@
 greatly simplifies the code, and would let us close
 [[replace openlayers with leaflet]]
 and
-[[osm plugin fails to display map with javascript error]]
+[[bugs/osm plugin fails to display map with javascript error]]
 at the cost of removing some features.
 
 The branch already incorporates changes from my review and additional fixes.

Request review and possible merge of tincho-osm.
diff --git a/doc/todo/merge_tincho-osm_branch.mdwn b/doc/todo/merge_tincho-osm_branch.mdwn
new file mode 100644
index 000000000..4318f57de
--- /dev/null
+++ b/doc/todo/merge_tincho-osm_branch.mdwn
@@ -0,0 +1,12 @@
+[[Tincho]] has an updated [[plugins/osm]] that fixes some basic usages,
+greatly simplifies the code, and would let us close
+[[replace openlayers with leaflet]]
+and
+[[osm plugin fails to display map with javascript error]]
+at the cost of removing some features.
+
+The branch already incorporates changes from my review and additional fixes.
+I'd appreciate additional careful review from another maintainer,
+including about the points raised at [[plugins/osm/discussion]].
+
+--[[schmonz]]

Add notes from today's pairing with tincho.
diff --git a/doc/plugins/osm/discussion.mdwn b/doc/plugins/osm/discussion.mdwn
index 538a3ab10..80f6a318e 100644
--- a/doc/plugins/osm/discussion.mdwn
+++ b/doc/plugins/osm/discussion.mdwn
@@ -23,3 +23,43 @@ For usability it would be great if it was possible to display the active waypoin
 *PS. The osm plugin is amazing!*
 
 > Thanks! --[[anarcat]]
+
+-----
+
+## Updated plugin needs review and merge
+
+[[!template id=gitbranch branch=tincho-osm author="[[tincho]]"]]
+
+[[schmonz]] here. I recently tried to use this plugin, had some trouble, and discovered on IRC that [[tincho]] has a largely [rewritten version](https://blog.tincho.org/posts/OSM_in_IkiWiki/) that looks good [on his site](https://blog.tincho.org/Mingle/), but hadn't gotten around to submitting for merge. So we remote-paired on it today, improved a few things, and wrote down what we noticed:
+
+### Features removed
+
+- Google Maps API
+- Multiple layers
+- Customized waypoint icons
+- Full-screen map (via the CGI)
+- Whatever "editable" did (maybe something interactive?)
+- OpenLayers -> Leaflet (if anyone was somehow depending on OpenLayers)
+
+### Features added
+
+- Maps actually work again
+- Maps work when embedded in HTTPS sites
+- Multiple maps and multiple waypoints in a page probably work better now
+- Maps _do_ appear in inlines
+- Pagestate hash gets cleaned up better after edit/preview/delete
+
+### Wishlist
+
+- Optionally do something (render a static image?) for RSS
+- When drawing lines between waypoints that are linked, optionally draw an arrow
+- Performance/ikiwiki-idiomaticness: generate one GeoJSON file per waypoint, then rely on getting changed waypoints from the `changes()` hook
+- Treat optional waypoint description as Markdown (or whatever input format you're using)
+- Simplify scrubbing (maybe avoid needing HTML::Scrubber)
+
+### Questions for reviewers
+
+- Given this is backward-incompatible, dhould we call it something other than "osm"?
+- What needs scrubbing? Have we covered all the bases? Too many bases?
+- Should we vendor Leaflet into an underlay, instead of needing a URL to load it from a CDN? [[schmonz]] somewhat prefers this, so we avoid needing external resources by default, avoid breaking when the Leaflet CDN is down, etc.
+- Should we write some tests before merging? `osm.pm` hadn't had any, FWIW

Add tincho's git repo.
diff --git a/doc/git.mdwn b/doc/git.mdwn
index 52c9ca3e7..fe778f606 100644
--- a/doc/git.mdwn
+++ b/doc/git.mdwn
@@ -69,6 +69,7 @@ think about merging them. This is recommended. :-)
 * bfree `git://github.com/bfree/ikiwiki.git`
 * [[users/leg]] `git://at.magma-soft.at/ikiwiki.info`
 * [[thcipriani]] `https://github.com/thcipriani/ikiwiki.git` ([[browse|https://github.com/thcipriani/ikiwiki]])
+* [[tincho]] `git@github.com:TheTincho/ikiwiki.git` ([[browse|https://github.com/TheTincho/ikiwiki]])
 
 ## branches
 

Maybe we should just suggested-depends on sudo
diff --git a/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
index 0d4f1d5f3..3bae33ada 100644
--- a/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
+++ b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
@@ -128,3 +128,13 @@ The `-m` may be overzealous. I have some sites running as users with `/sbin/nolo
 >> it because traditional Unix terminal handling is also a disaster
 >> area, and I don't see a good solution.
 >> --[[smcv]]
+
+>>> After reading this, appreciating your effort writing it, and then
+>>> ignoring it for a while, I think our easiest option might be to take
+>>> a dependency on sudo. It's ubiquitous-ish, and where it's not
+>>> already present the dependency feels more "suggested" than
+>>> "required": ikiwiki is plenty useful for many/most uses without a working
+>>> `ikiwiki-mass-rebuild` (as I can vouch). A slightly more annoying
+>>> and thorough option might be to make the run-as-user command
+>>> configurable, with some strong suggestions and warnings. Thoughts?
+>>> --[[schmonz]]

Add personal site
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index e33ed8f2b..2ad84d82c 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -221,3 +221,4 @@ Personal sites and blogs
 * [Matto's personal website](https://box.matto.nl)
 * [Rob Sayers' personal website](http://www.robsayers.com)
 * [Svetlana Tkachenko's personal website](http://svetlana.nfshost.com/index.en.html) - personal site, no blog
+* [re:fi.64's personal wiki](https://wiki.refi64.com/)

Revert spam commits.
diff --git a/doc/bugs/discussion.mdwn b/doc/bugs/discussion.mdwn
index 5a0da04d4..474e07564 100644
--- a/doc/bugs/discussion.mdwn
+++ b/doc/bugs/discussion.mdwn
@@ -15,4 +15,4 @@ the ikiwiki.cgi CGI wrapper. ..."
   to the user who owns the `source` and `destination` directories.
 
 > (emphasis mine). Anyway, if you have ideas to improve the man page, it's
-> over in [[Pagina]] --[[Joey]]
+> over in [[usage]] --[[Joey]]
diff --git a/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn b/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn
index 89df6789a..99cc1964c 100644
--- a/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn
+++ b/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn
@@ -1,4 +1,4 @@
-From the source of [[Pagina]]:
+From the source of [[usage]]:
 
     <a href="mailto:joey@ikiwiki.info">&#x6A;&#111;&#101;&#x79;&#64;i&#107;&#105;w&#105;&#107;&#x69;&#46;&#105;n&#x66;&#x6F;</a>
 
diff --git a/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn b/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn
index 1b9f0a039..b8e28e0a3 100644
--- a/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn
+++ b/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn
@@ -36,7 +36,7 @@ I could not come up with a working set of users which are put into different gro
 
 > You can set the umask for ikiwiki itself, without changing the system umask, via the usmask setting in the setup file. --[[Joey]]
 
-In the end, I did the following. I created a directory /srv/ikiwiki/ which is owned by gitosis. The [[setup_file|/Pagina]] is also located there (/srv/ikiwiki/project.setup). I put the srcdir there too (srcdir => '/srv/ikiwiki/project/'). So now sudo -u gitosis ikiwiki --project.setup is able to create the post-update hook (git_wrapper => '/srv/gitosis/repositories/project.git/hooks/post-update'). Since this hook is called every time something is checked in over SSH, it is run by gitosis, so I did not set it suid. Or do I have to, because ikiwiki.cgi will be run as www-data?
+In the end, I did the following. I created a directory /srv/ikiwiki/ which is owned by gitosis. The [[setup_file|/usage]] is also located there (/srv/ikiwiki/project.setup). I put the srcdir there too (srcdir => '/srv/ikiwiki/project/'). So now sudo -u gitosis ikiwiki --project.setup is able to create the post-update hook (git_wrapper => '/srv/gitosis/repositories/project.git/hooks/post-update'). Since this hook is called every time something is checked in over SSH, it is run by gitosis, so I did not set it suid. Or do I have to, because ikiwiki.cgi will be run as www-data?
 
 > Generally, ikiwiki.cgi is run as the user who owns the wiki and repository, in this case, gitosis. The ikwiiki.cgi needs to be able to write to source files in the wiki; it needs to be able to commit changes,
 > and it needs to be able to generate and write the html files. If you don't want ikiwiki.cgi to run as gitosis, you will need to put gitosis and www-data in a group and give them both write access, with appropriate umask, etc. --[[Joey]]
diff --git a/doc/forum/transition_from_handwritten_html_to_ikiwiki.mdwn b/doc/forum/transition_from_handwritten_html_to_ikiwiki.mdwn
index 753e18ed2..a8d04a0ad 100644
--- a/doc/forum/transition_from_handwritten_html_to_ikiwiki.mdwn
+++ b/doc/forum/transition_from_handwritten_html_to_ikiwiki.mdwn
@@ -14,7 +14,7 @@ Thanks,
 > dest/foo.html, src/bar.mdwn becomes dest/bar.html, etc.
 > 
 > It sounds like you want `--no-usedirs`, or the corresponding `usedirs => 0,`
-> option in your setup file. See [[Pagina]] for more information. -- [[Jon]]
+> option in your setup file. See [[usage]] for more information. -- [[Jon]]
 
 Thanks, usedirs seems to be just the thing I need.
 
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index 5f177ae7b..e33ed8f2b 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -194,6 +194,7 @@ Personal sites and blogs
 * [Salient Dream](http://www.salientdream.com/) - All Things Strange. 
 * [Anton Berezin's blog](http://blog.tobez.org/)
 * [Waldgarten]( http://waldgarten.greenonion.org/ ) News and documentation of a permaculture inspired neighbourhood-garden located in Hamburg, Germany.
+* [Frohdo](https://frohdo.de) - With raw food against back pain and other diseases
 * [[OscarMorante]]'s [personal site](http://oscar.morante.eu).
 * [Puckspage]( http://www.puckspage.org/ ) Political and personal blog in German. The name comes from the elf out of midsummer nights dream.  
 * [[LucaCapello]]'s [homepage](http://luca.pca.it)
diff --git a/doc/index.mdwn b/doc/index.mdwn
index 67745799b..e0e401656 100644
--- a/doc/index.mdwn
+++ b/doc/index.mdwn
@@ -15,7 +15,7 @@ site generator with some dynamic features.
 ## using ikiwiki
 
 [[Setup]] has a tutorial for setting up ikiwiki, or you can read the
-[[man_page|Pagina]]. There are some [[examples]] of things you can do
+[[man_page|usage]]. There are some [[examples]] of things you can do
 with ikiwiki, and some [[tips]].  Basic documentation for ikiwiki plugins
 and syntax is provided [[here|ikiwiki]]. The [[forum]] is open for
 discussions.
diff --git a/doc/plugins.mdwn b/doc/plugins.mdwn
index ff24e1bca..0bea33592 100644
--- a/doc/plugins.mdwn
+++ b/doc/plugins.mdwn
@@ -7,7 +7,7 @@ There's documentation if you want to [[write]] your own plugins, or you can
 [[install]] plugins [[contributed|contrib]] by others.
 
 To enable a plugin, use the `--plugin` switch described in
-[[Pagina]], or the equivalent `add_plugins` line in ikiwiki.setup.
+[[usage]], or the equivalent `add_plugins` line in ikiwiki.setup.
 Enable the [[goodstuff]] plugin to get a nice selection of plugins that
 will fit most uses of ikiwiki.
 
diff --git a/doc/rcs/git.mdwn b/doc/rcs/git.mdwn
index 1839d0829..fa7a037ba 100644
--- a/doc/rcs/git.mdwn
+++ b/doc/rcs/git.mdwn
@@ -51,7 +51,7 @@ One setup that will work is to put all committers in a group (say,
 "ikiwiki"), and use permissions to allow that group to commit to the bare git
 repository. Make both the post-update hook and ikiwiki.cgi be setgid
 to the group, as well as suid to the user who admins the wiki. The
-`wrappergroup` [[setup_file_option|Pagina]] can be used to make the wrappers
+`wrappergroup` [[setup_file_option|usage]] can be used to make the wrappers
 be setgid to the right group. Then the srcdir, including its git
 repository, should only be writable by the wiki's admin, and *not* by the
 group. Take care that ikiwiki uses a umask that does not cause files in
diff --git a/doc/setup.mdwn b/doc/setup.mdwn
index 0d532f337..9fc37c0b1 100644
--- a/doc/setup.mdwn
+++ b/doc/setup.mdwn
@@ -113,7 +113,7 @@ Alternatively, you can ask ikiwiki to change settings in the file for you:
 
 	% ikiwiki --changesetup foo.setup --plugin goodstuff
 
-See [[Pagina]] for more options.
+See [[usage]] for more options.
 
 ## Customizing file locations
 
diff --git a/doc/setup/byhand.mdwn b/doc/setup/byhand.mdwn
index 2b0defe64..6d0f37cd9 100644
--- a/doc/setup/byhand.mdwn
+++ b/doc/setup/byhand.mdwn
@@ -64,7 +64,7 @@ can copy in files from the [[examples]]. The examples are located in
 
 You can experiment with other ikiwiki parameters such as `--wikiname`
 and `--rebuild` too. Get comfortable with its command line (see
-[[Pagina]]).
+[[usage]]).
 
 ## Add a setup file.
 
@@ -83,7 +83,7 @@ the rest of the files. A good place to put it is in a ~/.ikiwiki/
 subdirectory.
    
 Most of the options, like `wikiname` in the setup file are the same as
-ikiwiki's command line options (documented in [[Pagina]]). `srcdir` and
+ikiwiki's command line options (documented in [[usage]]). `srcdir` and
 `destdir` are the two directories you specify when running ikiwiki by
 hand. Make sure that these are pointing to the right directories, and
 read through and configure the rest of the file to your liking.
diff --git a/doc/Pagina.html b/doc/usage.mdwn
similarity index 100%
rename from doc/Pagina.html
rename to doc/usage.mdwn
diff --git a/doc/Pagina/discussion.mdwn b/doc/usage/discussion.mdwn
similarity index 100%
rename from doc/Pagina/discussion.mdwn
rename to doc/usage/discussion.mdwn

update for rename of usage.mdwn to Pagina.html
diff --git a/doc/forum/transition_from_handwritten_html_to_ikiwiki.mdwn b/doc/forum/transition_from_handwritten_html_to_ikiwiki.mdwn
index a8d04a0ad..753e18ed2 100644
--- a/doc/forum/transition_from_handwritten_html_to_ikiwiki.mdwn
+++ b/doc/forum/transition_from_handwritten_html_to_ikiwiki.mdwn
@@ -14,7 +14,7 @@ Thanks,
 > dest/foo.html, src/bar.mdwn becomes dest/bar.html, etc.
 > 
 > It sounds like you want `--no-usedirs`, or the corresponding `usedirs => 0,`
-> option in your setup file. See [[usage]] for more information. -- [[Jon]]
+> option in your setup file. See [[Pagina]] for more information. -- [[Jon]]
 
 Thanks, usedirs seems to be just the thing I need.
 

update for rename of usage.mdwn to Pagina.html
diff --git a/doc/plugins.mdwn b/doc/plugins.mdwn
index 0bea33592..ff24e1bca 100644
--- a/doc/plugins.mdwn
+++ b/doc/plugins.mdwn
@@ -7,7 +7,7 @@ There's documentation if you want to [[write]] your own plugins, or you can
 [[install]] plugins [[contributed|contrib]] by others.
 
 To enable a plugin, use the `--plugin` switch described in
-[[usage]], or the equivalent `add_plugins` line in ikiwiki.setup.
+[[Pagina]], or the equivalent `add_plugins` line in ikiwiki.setup.
 Enable the [[goodstuff]] plugin to get a nice selection of plugins that
 will fit most uses of ikiwiki.
 

update for rename of usage.mdwn to Pagina.html
diff --git a/doc/setup/byhand.mdwn b/doc/setup/byhand.mdwn
index 6d0f37cd9..2b0defe64 100644
--- a/doc/setup/byhand.mdwn
+++ b/doc/setup/byhand.mdwn
@@ -64,7 +64,7 @@ can copy in files from the [[examples]]. The examples are located in
 
 You can experiment with other ikiwiki parameters such as `--wikiname`
 and `--rebuild` too. Get comfortable with its command line (see
-[[usage]]).
+[[Pagina]]).
 
 ## Add a setup file.
 
@@ -83,7 +83,7 @@ the rest of the files. A good place to put it is in a ~/.ikiwiki/
 subdirectory.
    
 Most of the options, like `wikiname` in the setup file are the same as
-ikiwiki's command line options (documented in [[usage]]). `srcdir` and
+ikiwiki's command line options (documented in [[Pagina]]). `srcdir` and
 `destdir` are the two directories you specify when running ikiwiki by
 hand. Make sure that these are pointing to the right directories, and
 read through and configure the rest of the file to your liking.

update for rename of usage.mdwn to Pagina.html
diff --git a/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn b/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn
index b8e28e0a3..1b9f0a039 100644
--- a/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn
+++ b/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn
@@ -36,7 +36,7 @@ I could not come up with a working set of users which are put into different gro
 
 > You can set the umask for ikiwiki itself, without changing the system umask, via the usmask setting in the setup file. --[[Joey]]
 
-In the end, I did the following. I created a directory /srv/ikiwiki/ which is owned by gitosis. The [[setup_file|/usage]] is also located there (/srv/ikiwiki/project.setup). I put the srcdir there too (srcdir => '/srv/ikiwiki/project/'). So now sudo -u gitosis ikiwiki --project.setup is able to create the post-update hook (git_wrapper => '/srv/gitosis/repositories/project.git/hooks/post-update'). Since this hook is called every time something is checked in over SSH, it is run by gitosis, so I did not set it suid. Or do I have to, because ikiwiki.cgi will be run as www-data?
+In the end, I did the following. I created a directory /srv/ikiwiki/ which is owned by gitosis. The [[setup_file|/Pagina]] is also located there (/srv/ikiwiki/project.setup). I put the srcdir there too (srcdir => '/srv/ikiwiki/project/'). So now sudo -u gitosis ikiwiki --project.setup is able to create the post-update hook (git_wrapper => '/srv/gitosis/repositories/project.git/hooks/post-update'). Since this hook is called every time something is checked in over SSH, it is run by gitosis, so I did not set it suid. Or do I have to, because ikiwiki.cgi will be run as www-data?
 
 > Generally, ikiwiki.cgi is run as the user who owns the wiki and repository, in this case, gitosis. The ikwiiki.cgi needs to be able to write to source files in the wiki; it needs to be able to commit changes,
 > and it needs to be able to generate and write the html files. If you don't want ikiwiki.cgi to run as gitosis, you will need to put gitosis and www-data in a group and give them both write access, with appropriate umask, etc. --[[Joey]]

update for rename of usage.mdwn to Pagina.html
diff --git a/doc/bugs/discussion.mdwn b/doc/bugs/discussion.mdwn
index 474e07564..5a0da04d4 100644
--- a/doc/bugs/discussion.mdwn
+++ b/doc/bugs/discussion.mdwn
@@ -15,4 +15,4 @@ the ikiwiki.cgi CGI wrapper. ..."
   to the user who owns the `source` and `destination` directories.
 
 > (emphasis mine). Anyway, if you have ideas to improve the man page, it's
-> over in [[usage]] --[[Joey]]
+> over in [[Pagina]] --[[Joey]]

update for rename of usage.mdwn to Pagina.html
diff --git a/doc/index.mdwn b/doc/index.mdwn
index e0e401656..67745799b 100644
--- a/doc/index.mdwn
+++ b/doc/index.mdwn
@@ -15,7 +15,7 @@ site generator with some dynamic features.
 ## using ikiwiki
 
 [[Setup]] has a tutorial for setting up ikiwiki, or you can read the
-[[man_page|usage]]. There are some [[examples]] of things you can do
+[[man_page|Pagina]]. There are some [[examples]] of things you can do
 with ikiwiki, and some [[tips]].  Basic documentation for ikiwiki plugins
 and syntax is provided [[here|ikiwiki]]. The [[forum]] is open for
 discussions.

update for rename of usage.mdwn to Pagina.html
diff --git a/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn b/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn
index 99cc1964c..89df6789a 100644
--- a/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn
+++ b/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn
@@ -1,4 +1,4 @@
-From the source of [[usage]]:
+From the source of [[Pagina]]:
 
     <a href="mailto:joey@ikiwiki.info">&#x6A;&#111;&#101;&#x79;&#64;i&#107;&#105;w&#105;&#107;&#x69;&#46;&#105;n&#x66;&#x6F;</a>
 

update for rename of usage.mdwn to Pagina.html
diff --git a/doc/setup.mdwn b/doc/setup.mdwn
index 9fc37c0b1..0d532f337 100644
--- a/doc/setup.mdwn
+++ b/doc/setup.mdwn
@@ -113,7 +113,7 @@ Alternatively, you can ask ikiwiki to change settings in the file for you:
 
 	% ikiwiki --changesetup foo.setup --plugin goodstuff
 
-See [[usage]] for more options.
+See [[Pagina]] for more options.
 
 ## Customizing file locations
 

update for rename of usage.mdwn to Pagina.html
diff --git a/doc/rcs/git.mdwn b/doc/rcs/git.mdwn
index fa7a037ba..1839d0829 100644
--- a/doc/rcs/git.mdwn
+++ b/doc/rcs/git.mdwn
@@ -51,7 +51,7 @@ One setup that will work is to put all committers in a group (say,
 "ikiwiki"), and use permissions to allow that group to commit to the bare git
 repository. Make both the post-update hook and ikiwiki.cgi be setgid
 to the group, as well as suid to the user who admins the wiki. The
-`wrappergroup` [[setup_file_option|usage]] can be used to make the wrappers
+`wrappergroup` [[setup_file_option|Pagina]] can be used to make the wrappers
 be setgid to the right group. Then the srcdir, including its git
 repository, should only be writable by the wiki's admin, and *not* by the
 group. Take care that ikiwiki uses a umask that does not cause files in

rename usage.mdwn to Pagina.html
diff --git a/doc/usage.mdwn b/doc/Pagina.html
similarity index 100%
rename from doc/usage.mdwn
rename to doc/Pagina.html
diff --git a/doc/usage/discussion.mdwn b/doc/Pagina/discussion.mdwn
similarity index 100%
rename from doc/usage/discussion.mdwn
rename to doc/Pagina/discussion.mdwn

1
This reverts commit 5ee60968b966f605eb3b0c3119e5366e57b745b8
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index e33ed8f2b..5f177ae7b 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -194,7 +194,6 @@ Personal sites and blogs
 * [Salient Dream](http://www.salientdream.com/) - All Things Strange. 
 * [Anton Berezin's blog](http://blog.tobez.org/)
 * [Waldgarten]( http://waldgarten.greenonion.org/ ) News and documentation of a permaculture inspired neighbourhood-garden located in Hamburg, Germany.
-* [Frohdo](https://frohdo.de) - With raw food against back pain and other diseases
 * [[OscarMorante]]'s [personal site](http://oscar.morante.eu).
 * [Puckspage]( http://www.puckspage.org/ ) Political and personal blog in German. The name comes from the elf out of midsummer nights dream.  
 * [[LucaCapello]]'s [homepage](http://luca.pca.it)

libravatar shutdown
diff --git a/doc/todo/libravatar_EOL.mdwn b/doc/todo/libravatar_EOL.mdwn
new file mode 100644
index 000000000..96d7502a6
--- /dev/null
+++ b/doc/todo/libravatar_EOL.mdwn
@@ -0,0 +1,11 @@
+Unfortunately libravatar is being shut down on 2018-09-01
+<https://blog.libravatar.org/posts/Libravatar.org_is_shutting_down_on_2018-09-01/>
+
+This is used in the comments plugin to get an avatar url.
+
+It would probably be best to remove the code that tries to use it, in case
+its dns eventually gets taken over by something that causes some kind of
+problem. (The shutdown page doesn't say what will happen to the DNS.)
+
+It might also be a good idea to filter out avatar urls in existing comments
+that point to libravatar.org. --[[Joey]]

Portably and safely dropping privileges is far harder than it ought to be
diff --git a/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
index 435368cd7..0d4f1d5f3 100644
--- a/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
+++ b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
@@ -25,3 +25,106 @@ The `-m` may be overzealous. I have some sites running as users with `/sbin/nolo
 > pkgsrc's ikiwiki package (rev 3.20180311nb1), and will report back. In
 > the meanwhile, would this change cause any obvious regressions on
 > Debian? --[[schmonz]]
+
+>> su(1) does several things for us, not all of them completely obvious:
+>>
+>> * raise or drop privileges
+>> * avoid inheriting the controlling tty
+>> * alter the environment
+>> * run a PAM stack which can do more or less anything
+>> * execute the given command
+>>
+>> Because it's a privileged program, and POSIX/SUS don't specify the
+>> behaviour of privileged operations, its behaviour is determined
+>> by tradition rather than standards.
+>>
+>> Dropping privileges (in this case) is uncontroversial: clearly we want
+>> to do that.
+>>
+>> Not inheriting the controlling tty is necessary to prevent tty hijacking
+>> when dropping privileges (CVE-2011-1408, [[!debbug 628843]]). See
+>> ikiwiki-mass-rebuild's git history. It might also be possible to do this
+>> with `POSIX::setsid`, but I don't know whether that fully protects us
+>> on all platforms, and I would hope that every platform's `su` does the
+>> right things for that platform.
+>>
+>> Altering the environment is less clear. I'm taking the su(1) from Debian
+>> as a reference because that's what Joey would have developed against,
+>> and it has several modes for how much it does to the environment:
+>>
+>> * with `-m` (or equivalently `-p` or `--preserve-environment`):
+>>   reset only `PATH` and `IFS`; inherit everything else. I'm fairly
+>>   sure we don't want this, because we don't want ikiwiki to run with
+>>   root's `HOME`.
+>> * without `-m` or `-`: reset `HOME`, `SHELL`, `USER`, `LOGNAME`,
+>>   `PATH` and `IFS`; inherit everything else.
+>> * with `-` (or equivalently `-l` or `--login`) but not `-m`:
+>>   reset `HOME`, etc.; inherit `TERM`, `COLORTERM`, `DISPLAY` and
+>>   `XAUTHORITY`; clear everything else.
+>>
+>> Before Joey switched ikiwiki-mass-rebuild from dropping privileges
+>> itself to using `su` to fix CVE-2011-1408, it would reset `HOME`,
+>> inherit `PATH` (!) and clear everything else. Using plain `su`
+>> without `-` and without clearing the environment is increasingly
+>> discredited, because it isn't 1980 any more and a lot of programs
+>> respect environment variables whose correct values are user-specific,
+>> such as `XDG_RUNTIME_DIR` and `DBUS_SESSION_BUS_ADDRESS`. So I think
+>> using `su -` would be reasonable and perhaps preferable.
+>>
+>> Running the PAM stack is essentially unavoidable when we're
+>> altering privileges like this, and it's what PAM is there for,
+>> so we should do it. I think some `su` implementations (although not
+>> the one in Debian) run different PAM stacks for `su` and `su -`.
+>>
+>> Finally, running the command. `su` has two design flaws in this area:
+>>
+>> * The command is a string to be parsed by the shell, not an argument
+>>   vector; on Linux, this design flaw can be avoided by using
+>>   `runuser -u USER ... -- COMMAND [ARGUMENT...]` from util-linux instead
+>>   (essentially a non-setuid fork of util-linux su with more reasonable
+>>   command-line handling), and on many Unix systems it can be avoided by
+>>   using `sudo -u USER ... -- COMMAND [ARGUMENT...]`, but presumably neither
+>>   is available as standard on all OSs because that would be far too
+>>   helpful. runuser is also (still) vulnerable to `TIOCSTI` tty hijacking,
+>>   because its developers think that ioctl has no legitimate uses and
+>>   should be disabled or made a privileged operation in the Linux kernel,
+>>   but the Linux kernel maintainers have rejected that solution and
+>>   neither seems to be willing to back down.
+>>
+>>   We might be able to bypass this with this trick:
+>>
+>>       system('su', ..., '--', '-c', 'exec "$0" "$@"', $0, @ARGV);
+>>
+>>   using the fact that arguments to a Bourne/POSIX shell after `-c`
+>>   are set as `$0`, `$1`, ... in the shell. But the second design flaw
+>>   makes this unreliable.
+>>
+>> * `-c` is specified to run the given command with the user's
+>>   login shell from `/etc/passwd` (which might be `nologin` or `csh`
+>>   or anything else), not a standardized Bourne/POSIX shell, so you
+>>   can't predict what (if anything) the given command will actually
+>>   do, or even how to quote correctly. On Linux, giving `-s /bin/sh`
+>>   works around this design flaw, but apparently that's not portable
+>>   or we wouldn't be having this discussion.
+>>
+>> In principle ikiwiki-mass-rebuild was already wrong here, becase it
+>> receives arbitrary arguments and passes them to ikiwiki, but will do
+>> the wrong thing if they contain shell metacharacters (this is not a
+>> security vulnerability, because it's the unprivileged shell that will
+>> do the wrong thing; it's just wrong). Your proposed change makes it
+>> differently wrong, which I suppose is not *necessarily* worse, but
+>> I'd prefer it to be actually correct.
+>>
+>> It seems that by using `-m` you're relying on root having a
+>> Bourne-compatible (POSIX) login shell, so that when `SHELL` is
+>> inherited from root's environment, it will parse the argument of `-c`
+>> according to `/bin/sh` rules. This is less reliable than Linux
+>> `su -s /bin/sh` and has more side-effects, but the man page collection
+>> on unix.com suggests that this meaning for `-s` is Linux-specific
+>> and has not been copied by any other OSs, which is depressing because
+>> that option seems to be the only way to achieve what we want.
+>>
+>> In conclusion, non-interactive `su` is a disaster area, but we use
+>> it because traditional Unix terminal handling is also a disaster
+>> area, and I don't see a good solution.
+>> --[[smcv]]

Update URL of a website (using ikiwiki)
diff --git a/doc/users/spalax.mdwn b/doc/users/spalax.mdwn
index 2010fdef1..52b538b22 100644
--- a/doc/users/spalax.mdwn
+++ b/doc/users/spalax.mdwn
@@ -1,6 +1,6 @@
 [[!meta title="Louis Paternault"]]
 
-User of IkiWiki (my [professional website](http://paternault.fr), among others).
+User of IkiWiki (my [professional website](http://ababsurdo.fr), among others).
 
 # Plugins
 

Update URL of a website (using ikiwiki)
diff --git a/doc/plugins/contrib/pageversion.mdwn b/doc/plugins/contrib/pageversion.mdwn
index 979380133..0d86f0f0a 100644
--- a/doc/plugins/contrib/pageversion.mdwn
+++ b/doc/plugins/contrib/pageversion.mdwn
@@ -18,12 +18,12 @@ On my personal website/blog, I publish articles which I sometimes update. Someti
 
 # Example
 
-For instance, on my personal website, article [one](//paternault.fr/pedago/sismologie/20150110/) has been updated to [two](//paternault.fr/pedago/sismologie/20150819/).
+For instance, on my personal website, article [one](//ababsurdo.fr/pedago/sismologie/20150110/) has been updated to [two](//ababsurdo.fr/pedago/sismologie/20150819/).
 
-- They both contain the directive `\[[!versionof parent]]`, marking them as a version of the [main article](//paternault.fr/pedago/sismologie) (which happens to be their parent page).
-- On the [old article](//paternault.fr/pedago/sismologie/20150819/), links to the other articles (only one here) are available.
-- On the [page listing my articles](//paternault.fr/pedago), only the latest article appears.
-- The [main page](//paternault.fr/pedago/sismologie) lists all versions of this article, and redirects to the latest one.
+- They both contain the directive `\[[!versionof parent]]`, marking them as a version of the [main article](//ababsurdo.fr/pedago/sismologie) (which happens to be their parent page).
+- On the [old article](//ababsurdo.fr/pedago/sismologie/20150819/), links to the other articles (only one here) are available.
+- On the [page listing my articles](//ababsurdo.fr/pedago), only the latest article appears.
+- The [main page](//ababsurdo.fr/pedago/sismologie) lists all versions of this article, and redirects to the latest one.
 
 # List of directives and pagespecs
 

Update URL of a website (using ikiwiki)
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index f84347521..e33ed8f2b 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -209,7 +209,7 @@ Personal sites and blogs
 * Kalle Söderman: [Seen Architecture](http://img.kalleswork.net), [Stockholm Project](http://stockholm.kalleswork.net) - Mainly -image galleries using the album and osm plugins with a customized html5 theme.
 * James Richardson's [wiki](https://jamestechnotes.com), [blog](https://jamesrichardson.name), and online [resume](https://resume.jamesrichardson.name).
 * [Amitai Schleier's site](https://schmonz.com/)
-* [[spalax]]'s [professional website](http://paternault.fr)
+* [[spalax]]'s [professional website](http://ababsurdo.fr)
 * [Aloodo Blog](http://blog.aloodo.org/)
 * Ninguém tem blog! - Restricted ikiwiki hosting
   * [Dissertos radicais](http://dissertosradicais.tem.blog.br)

Added my patch to pkgsrc ikiwiki for evaluation.
diff --git a/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
index 4b1394a67..435368cd7 100644
--- a/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
+++ b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
@@ -19,3 +19,9 @@ The following patch works much better on the aforementioned platforms, as well a
 The `-m` may be overzealous. I have some sites running as users with `/sbin/nologin` for a shell, and this allows running a command as those users, though without some typical environment variables. This is probably wrong. Maybe I should be doing something else to limit shell access for those users, and the su arg should instead be `-`.
 
 --[[schmonz]]
+
+> To get some real-world and very cross-platform testing, I've committed
+> a conservative version of this patch, with `-` in place of `-m`, to
+> pkgsrc's ikiwiki package (rev 3.20180311nb1), and will report back. In
+> the meanwhile, would this change cause any obvious regressions on
+> Debian? --[[schmonz]]

diff --git a/doc/sandbox.mdwn b/doc/sandbox.mdwn
index 7a755ee02..dc0aebf2d 100644
--- a/doc/sandbox.mdwn
+++ b/doc/sandbox.mdwn
@@ -226,3 +226,25 @@ Testing. Test. 試験として書き込みします。
 test
 
 I must **emphasise** this.
+
+
+// more pointers
+#include <iostream>
+using namespace std;
+
+int main ()
+{
+  int firstvalue = 5, secondvalue = 15;
+  int * p1, * p2;
+
+  p1 = &firstvalue;  // p1 = address of firstvalue
+  p2 = &secondvalue; // p2 = address of secondvalue
+  *p1 = 10;          // value pointed to by p1 = 10
+  *p2 = *p1;         // value pointed to by p2 = value pointed to by p1
+  p1 = p2;           // p1 = p2 (value of pointer is copied)
+  *p1 = 20;          // value pointed to by p1 = 20
+  
+  cout << "firstvalue is " << firstvalue << '\n';
+  cout << "secondvalue is " << secondvalue << '\n';
+  return 0;
+}

Indent patch (fenced blocks don't work on this particular ikiwiki installation)
diff --git a/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
index 2cc7ae957..4b1394a67 100644
--- a/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
+++ b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
@@ -2,21 +2,19 @@ As best as I can recall, running ikiwiki-mass-rebuild as root has never worked f
 
 The following patch works much better on the aforementioned platforms, as well as CentOS 6:
 
-```
-diff --git ikiwiki-mass-rebuild ikiwiki-mass-rebuild
-index ce4e084e8..2ff33b493 100755
---- ikiwiki-mass-rebuild
-+++ ikiwiki-mass-rebuild
-@@ -32,7 +32,7 @@ sub processuser {
- 	my $user=shift;
- 	return if $user=~/^-/ || $users{$user};
- 	$users{$user}=1;
--	my $ret=system("su", $user, "-s", "/bin/sh", "-c", "--", "$0 --nonglobal @ARGV");
-+	my $ret=system("su", "-m", $user, "-c", "/bin/sh -c -- '$0 --nonglobal @ARGV'");
- 	if ($ret != 0) {
- 		print STDERR "warning: processing for $user failed with code $ret\n";
- 	}
-```
+    diff --git ikiwiki-mass-rebuild ikiwiki-mass-rebuild
+    index ce4e084e8..2ff33b493 100755
+    --- ikiwiki-mass-rebuild
+    +++ ikiwiki-mass-rebuild
+    @@ -32,7 +32,7 @@ sub processuser {
+     	my $user=shift;
+     	return if $user=~/^-/ || $users{$user};
+     	$users{$user}=1;
+    -	my $ret=system("su", $user, "-s", "/bin/sh", "-c", "--", "$0 --nonglobal @ARGV");
+    +	my $ret=system("su", "-m", $user, "-c", "/bin/sh -c -- '$0 --nonglobal @ARGV'");
+     	if ($ret != 0) {
+     		print STDERR "warning: processing for $user failed with code $ret\n";
+     	}
 
 The `-m` may be overzealous. I have some sites running as users with `/sbin/nologin` for a shell, and this allows running a command as those users, though without some typical environment variables. This is probably wrong. Maybe I should be doing something else to limit shell access for those users, and the su arg should instead be `-`.
 

Report portability bug, partway to a fix
diff --git a/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
new file mode 100644
index 000000000..2cc7ae957
--- /dev/null
+++ b/doc/bugs/ikiwiki-mass-rebuild_has_probably_never_worked_portably.mdwn
@@ -0,0 +1,23 @@
+As best as I can recall, running ikiwiki-mass-rebuild as root has never worked for me on NetBSD or Mac OS X. On both platforms, it gives me a shell as each user in the system wikilist. This is due to non-portable arguments to su(1).
+
+The following patch works much better on the aforementioned platforms, as well as CentOS 6:
+
+```
+diff --git ikiwiki-mass-rebuild ikiwiki-mass-rebuild
+index ce4e084e8..2ff33b493 100755
+--- ikiwiki-mass-rebuild
++++ ikiwiki-mass-rebuild
+@@ -32,7 +32,7 @@ sub processuser {
+ 	my $user=shift;
+ 	return if $user=~/^-/ || $users{$user};
+ 	$users{$user}=1;
+-	my $ret=system("su", $user, "-s", "/bin/sh", "-c", "--", "$0 --nonglobal @ARGV");
++	my $ret=system("su", "-m", $user, "-c", "/bin/sh -c -- '$0 --nonglobal @ARGV'");
+ 	if ($ret != 0) {
+ 		print STDERR "warning: processing for $user failed with code $ret\n";
+ 	}
+```
+
+The `-m` may be overzealous. I have some sites running as users with `/sbin/nologin` for a shell, and this allows running a command as those users, though without some typical environment variables. This is probably wrong. Maybe I should be doing something else to limit shell access for those users, and the su arg should instead be `-`.
+
+--[[schmonz]]

Added a comment: some clarifications
diff --git a/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_7_79007506e4b771100c524e604e10bac7._comment b/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_7_79007506e4b771100c524e604e10bac7._comment
new file mode 100644
index 000000000..158247f93
--- /dev/null
+++ b/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_7_79007506e4b771100c524e604e10bac7._comment
@@ -0,0 +1,24 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="http://cdn.libravatar.org/avatar/825d3c30cb96a053b5335e51b8d0bd49"
+ subject="some clarifications"
+ date="2018-03-21T13:41:18Z"
+ content="""
+> Oh, you're using git-annex for the srcdir? The approach I'd vaguely had in mind was to have an ordinary git repository with the Markdown/smaller assets/etc. as the srcdir, and a parallel (no common commits) git-annex with larger assets (photos) as an underlay.
+
+Yeah well, here I am using ikiwiki-hosting which sets up a standard set of repositories to push to. Here I push to `ssh://user@host/` and everything is magic after. So adding another repo would be quite clunky.
+
+> In an ideal world, symlinks in the srcdir would be treated as the content that they point to, if and only if the symlink is somehow \"safe\", with symlinks to non-pruned files in the srcdir and symlinks to non-pruned files in .git/annex/objects/ specifically being considered \"safe\". This is not yet that ideal world, because my to-do list for ikiwiki is a lot longer than the time I can justify spending on it.
+
+I understand I agree with that general design.
+
+> I think this mechanism would need to be in terms of \"for page/attachment X (a symlink), read file Y (the target of the symlink) instead of X\" determined during scanning, rather than removing the -l check from readfile(), because that -l check is a good safety-catch against implementation mistakes that could lead to private file disclosure.
+
+I do not believe I'm removing the -l check from readfile() in the latest patch. It *is* removed from `find_src_files`, but only as a strong armed measure: some more clever checks should be implemented there to check the targets... 
+
+> Sorry, I am not going to review patches that relax the symlink security check unless I can concentrate on them enough to be confident that I'm not introducing security vulnerabilities. I realise this means that review has taken too long, but delays (even long ones) seem better than CVEs.
+
+Agreed. :) I don't mind the delay so much anymore, TBH... As I said, I've mostly given up and I assume something will either pop up by magic in the future or this will never happen. It's not like *I* have the time to \"concentrate on them enough to be confident that I'm not introducing security vulnerabilities\" as you so clearly put it: I probably don't have your grasp on the ikiwiki source so it makes my job even harder, but I should be able to figure out a better patch than `1 || -l` at this point. :p
+
+Anyways, I just wanted to provide a slight clarification on the workflow here...
+"""]]

thanks + extra docs done
diff --git a/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn b/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn
index c7f8ebd3e..cd39438a7 100644
--- a/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn
+++ b/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn
@@ -70,3 +70,20 @@ Thanks!
 > without parsing the date, they can still use `\[[!meta name="date" content="xxx"]]`.
 >
 > [[!tag done]] --[[smcv]]
+
+> > To my defense, when I wrote this, I didn't consider this a bug: I
+> > was assuming the problem I was seeing was just some dumb mistake
+> > that I made and, indeed, there *was* one such formatting mistake.
+> >
+> > But yeah, I could have re-edited this whole thing to make it look
+> > better. I'm sorry, but I was at the end of an already long
+> > yak-shaving session...
+> >
+> > I wasn't sure if doing an error was the right way to go, as this
+> > might break rendering for existing sites... But I'm glad you fixed
+> > this anyways!
+> >
+> > Thank you for the super-fast-response! :) I also tried updating
+> > the [[meta directive documentation|ikiwiki/directive/meta]] so
+> > that it's a little more detailed about that stuff. I hope that's 
+> > alright... -- [[anarcat]]

clarify what date fields do, following [[bugs/invalid_meta_date_or_updated_not_diagnosed]]
diff --git a/doc/ikiwiki/directive/meta.mdwn b/doc/ikiwiki/directive/meta.mdwn
index 3df176c48..89a32946a 100644
--- a/doc/ikiwiki/directive/meta.mdwn
+++ b/doc/ikiwiki/directive/meta.mdwn
@@ -75,8 +75,12 @@ a quote in the text by writing `&quot;` and so on.
 
 * date
 
-  Specifies the creation date of the page. The date can be entered in
-  nearly any format, since it's parsed by [[!cpan TimeDate]].
+  Specifies the creation date of the page. This creates a 
+  `<meta name="date" content="...">` header in the HTML output, but also
+  modifies the internal `ctime` in the [[internal index|tips/inside_dot_ikiwiki/]].
+  The date can be entered in nearly any format, since it's parsed by
+  [[!cpan TimeDate]] but invalid dates yield an error in 3.20180321
+  or later.
 
 * stylesheet
 
@@ -193,7 +197,8 @@ a quote in the text by writing `&quot;` and so on.
   modification time, like Planet: for instance, when editing an old blog post
   to add tags, you could set `updated` to be one second later than the original
   value. The date/time can be given in any format that
-  [[!cpan TimeDate]] can understand, just like the `date` field.
+  [[!cpan TimeDate]] can understand, just like the `date` field and maps to the
+  `<meta name="updated" content="...">` HTML header and internal `mtime` field.
 
 * foaf
 

Added a comment
diff --git a/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_6_f5eba98543b320773c334a0f39e2faa1._comment b/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_6_f5eba98543b320773c334a0f39e2faa1._comment
new file mode 100644
index 000000000..b01b4f4c4
--- /dev/null
+++ b/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_6_f5eba98543b320773c334a0f39e2faa1._comment
@@ -0,0 +1,36 @@
+[[!comment format=mdwn
+ username="smcv"
+ avatar="http://cdn.libravatar.org/avatar/0ee943fe632ff995f6f0f25b7167d03b"
+ subject="comment 6"
+ date="2018-03-21T09:30:41Z"
+ content="""
+> the \"source\" directory still have those broken symlinks, and those shadow the underlay
+
+Oh, you're using git-annex for the srcdir? The approach I'd vaguely had in mind was to
+have an ordinary git repository with the Markdown/smaller assets/etc. as the srcdir,
+and a parallel (no common commits) git-annex with larger assets (photos) as an underlay.
+
+I feel as though broken symlinks in the srcdir probably *should* shadow the underlay,
+because otherwise there's nothing we can use as a \"white-out\" to suppress files from
+the underlay. (But perhaps the canonical white-out should be a symlink to /dev/null,
+as used in systemd.)
+
+In an ideal world, symlinks in the srcdir would be treated as the content that they
+point to, if and only if the symlink is somehow \"safe\", with symlinks to non-pruned
+files in the srcdir and symlinks to non-pruned files in .git/annex/objects/
+specifically being considered \"safe\". This is not yet that ideal world, because my
+to-do list for ikiwiki is a lot longer than the time I can justify spending on it.
+
+I think this mechanism would need to be in terms of \"for page/attachment X (a
+symlink), read file Y (the target of the symlink) instead of X\" determined
+during scanning, rather than removing the `-l` check from `readfile()`, because
+that `-l` check is a good safety-catch against implementation mistakes that
+could lead to private file disclosure.
+
+> I wrote a patch to work around that issue, to make sure that security checks properly fallback to the underlay when there's a broken symlink
+
+Sorry, I am not going to review patches that relax the symlink security check unless I can
+concentrate on them enough to be confident that I'm not introducing security vulnerabilities.
+I realise this means that review has taken too long, but delays (even long ones) seem better
+than CVEs.
+"""]]

clarify
diff --git a/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn b/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn
index 8789dad7a..c7f8ebd3e 100644
--- a/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn
+++ b/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn
@@ -61,7 +61,8 @@ Thanks!
 > I think the historical assumption was that even if the date can't be parsed for the
 > second purpose, you still want the first purpose. However, you're right that this is
 > really fragile, and the first purpose seems fairly niche anyway.
-> In ikiwiki git master (to be released as 3.20180321 or later) I've made `\[[!meta]]`
+> In ikiwiki git master (to be released as 3.20180321 or later) I've made `\[[!meta date=...]]`
+> and `\[[!meta updated=...]]`
 > produce an error message if you don't have `Date::Parse` or if the date/time is
 > malformed.
 > 

convert from forum to bug, mark as done
diff --git a/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn b/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn
index 17552d471..8789dad7a 100644
--- a/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn
+++ b/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn
@@ -44,3 +44,28 @@ So, long story short: shouldn't invalid dates in meta tags yield an error of som
 Thanks!
 
 -- [[anarcat]]
+
+> If you're reporting a bug, it would be helpful to lead with the actual bug and save
+> the account of how you tried to debug it for later (or omit it).
+> I've moved this from a forum post into a bug report.
+>
+> The meta plugin uses Date::Parse::str2time from the TimeDate Perl library, so it has
+> whatever error handling that has. However, historically any error has essentially
+> been ignored, which I think is a bug.
+>
+> `\[[!meta date]]` and `\[[!meta updated]]` have two purposes:
+>
+> * they create `<meta name="date" content="xxx">` and `<meta name="updated" content="xxx">`
+> * they change the ctime/mtime used by ikiwiki for sorting, etc.
+>
+> I think the historical assumption was that even if the date can't be parsed for the
+> second purpose, you still want the first purpose. However, you're right that this is
+> really fragile, and the first purpose seems fairly niche anyway.
+> In ikiwiki git master (to be released as 3.20180321 or later) I've made `\[[!meta]]`
+> produce an error message if you don't have `Date::Parse` or if the date/time is
+> malformed.
+> 
+> In the unlikely event that someone really wants `<meta name="date" content="xxx">`
+> without parsing the date, they can still use `\[[!meta name="date" content="xxx"]]`.
+>
+> [[!tag done]] --[[smcv]]

rename forum/problems_with_ctime__47__date__47__updated__47__mtime__47__etc.mdwn to bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn
diff --git a/doc/forum/problems_with_ctime__47__date__47__updated__47__mtime__47__etc.mdwn b/doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn
similarity index 100%
rename from doc/forum/problems_with_ctime__47__date__47__updated__47__mtime__47__etc.mdwn
rename to doc/bugs/invalid_meta_date_or_updated_not_diagnosed.mdwn

Added a comment: tried and tried and failed
diff --git a/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_5_12df3e93351aa4158e518e68021460cf._comment b/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_5_12df3e93351aa4158e518e68021460cf._comment
new file mode 100644
index 000000000..5e2151d15
--- /dev/null
+++ b/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_5_12df3e93351aa4158e518e68021460cf._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="http://cdn.libravatar.org/avatar/825d3c30cb96a053b5335e51b8d0bd49"
+ subject="tried and tried and failed"
+ date="2018-03-19T15:53:01Z"
+ content="""
+I've tried again and again to make that work in [[todo/git-annex_support]]. I'm not sure what's going on anymore, because I've been looking at this for 5 years, wrote a patch 3 years ago, and gave up 2 years ago, so my memory is failing me a little. :)
+
+The takeaway, for me, is that the recommended approach of using the underlay does *not* work without assistance. There are two main issues:
+
+ * the \"source\" directory still have those broken symlinks, and those shadow the underlay. I wrote a patch to work around that issue, to make sure that security checks properly fallback to the underlay when there's a broken symlink.  that's still awaiting review
+ * we need a better workflow to move files between the client, the source directory and the underlay. It's unclear to me how we're supposed to handle this, and the UI is especially nasty with the hook I used because it gets called every time there's a push, which can happen multiple times if automatic tag creation is enabled.
+
+It would be really nice to have a better setup for this. I wonder if it wouldn't be easier to do that with Git LFS, because it's a *little* better at bundling the files along. But it generally assumes there's a magic central location where we can find files from, which is not the model I'm looking for here.
+
+Anyways, just a \"me too\", I guess, but it would be awesome to have the greatest ikiwiki minds lean over this problem and fix it. It's kind of weird to not have ikiwiki support here considering the history of the project, but I understand that Joey has mostly moved away from active ikiwiki maintenance at this point, so it's understandable. :)
+
+Cheers! -- [[anarcat]]
+"""]]

trying to figure out a stupid mistake takes a long time, how about we shortcircuit that with errors or warnings?
diff --git a/doc/forum/problems_with_ctime__47__date__47__updated__47__mtime__47__etc.mdwn b/doc/forum/problems_with_ctime__47__date__47__updated__47__mtime__47__etc.mdwn
new file mode 100644
index 000000000..17552d471
--- /dev/null
+++ b/doc/forum/problems_with_ctime__47__date__47__updated__47__mtime__47__etc.mdwn
@@ -0,0 +1,46 @@
+I'm having a hard time figuring out how the creation time, modification time, internal `ctime` and `mtime` fields (in `indexdb`) play along with the [[plugins/meta]] directive.
+
+In some articles I write, I hardcode the creation and modification time, because they are imported from LWN.net, as such:
+
+    \[[!meta title="The cost of hosting in the cloud"]]
+    \[[!meta date="2018-02-281T12:00:00-0500"]]
+    \[[!meta updated="2018-03-12T14:22:45-0500"]]
+
+But strangely, [that article](https://anarc.at/blog/2018-03-12-cost-of-hosting/) does *not* show up as "created" on "february 28th": it shows up as "Created 6 days and 20 hours ago", ie. "march 12th" (`2018-03-12T18:29:12Z`). That is strange, because that's the *modification* date (`meta updated`), not the *creation* date. Similarly, the "edited" date is `2018-03-19T14:47:45Z` (40 minutes ago), which is more or less accurate: the page *was* modified some time ago, but shouldn't the `meta` tag override that? Note that the `edited` date matches the file's `mtime` field in the source directory:
+
+    w-anarcat@marcos:~$ LANG=C stat source/blog/2018-03-12-cost-of-hosting.mdwn 
+      File: source/blog/2018-03-12-cost-of-hosting.mdwn
+      Size: 14022           Blocks: 32         IO Block: 4096   regular file
+    Device: fd05h/64773d    Inode: 7905532     Links: 1
+    Access: (0644/-rw-r--r--)  Uid: ( 1026/w-anarcat)   Gid: ( 1026/w-anarcat)
+    Access: 2018-03-19 11:19:21.237074935 -0400
+    Modify: 2018-03-19 10:47:45.000000000 -0400
+    Change: 2018-03-19 11:19:20.509065456 -0400
+     Birth: -
+
+This wouldn't be so much of a problem if that stuff was consistent: but it's not really. What's supposed to be the [following article](https://anarc.at/blog/2018-03-19-sigal/) actually shows up *before* in the [blog index](https://anarc.at/blog/) which is rather annoying. It's also [backwards in the RSS feed](https://anarc.at/blog/index.rss), which will possibly break some feed readers who will miss the new article.
+
+That newer article shows up as `Created 12 days and 15 hours ago` (`2018-03-07T00:00:00Z`) and also "edited 40 minutes ago" (`2018-03-19T14:51:29Z`). It has the following meta:
+
+   \[[!meta title="Easy photo galleries with Sigal"]]
+   \[[!meta date="2018-03-07T00:00:00+0000"]]
+   \[[!meta updated="2018-03-19T10:26:12-0400"]]
+
+So *there* the `date` meta tag *works*: the creation date is correct, but obviously, it means it comes *before* the other article, because *that* one doesn't get loaded correctly.
+
+By now, clever folks will have noticed the problem: it's with the first timestamp:
+
+    \[[!meta date="2018-02-281T12:00:00-0500"]]
+
+There's an extra one in there! Obviously, february 281 is not a valid date... What happened is that I sometimes modify those dates by hand, and I sometimes mess it up. I actually messed it up twice there, the original timestamps were:
+
+    \[[!meta date="2018-02-281T12:00:00-0500"]]
+    \[[!meta updated="2018-14-22T14:22:45-0500"]]
+
+The error, in the second one, is that I put the time instead of the date (!). I must have been very distracted, but still it's kind of hard to edit those timestamps correctly. I think the fundamental problem here is that Ikiwiki doesn't say anything when those timestamps can't be parsed properly. It seems to me there should be an error somewhere, if not directly in the page, at least in the rendering logs or somewhere, if the date cannot be parsed correctly.
+
+So, long story short: shouldn't invalid dates in meta tags yield an error of some sort instead of being silently ignored? I spent half an hour figuring this one out, going as far as regenerating the whole wiki to try and see if it was a caching issue in indexdb...
+
+Thanks!
+
+-- [[anarcat]]

Announce 3.20180311
diff --git a/doc/news/version_3.20170111.mdwn b/doc/news/version_3.20170111.mdwn
deleted file mode 100644
index 03b2ac2c4..000000000
--- a/doc/news/version_3.20170111.mdwn
+++ /dev/null
@@ -1,10 +0,0 @@
-ikiwiki 3.20170111 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * passwordauth: prevent authentication bypass via multiple name
-     parameters (CVE-2017-0356, OVE-20170111-0001)
-   * passwordauth: avoid userinfo forgery via repeated email parameter
-     (also in the scope of CVE-2017-0356)
-   * CGI, attachment, passwordauth: harden against repeated parameters
-     (not believed to have been a vulnerability)
-   * remove: make it clearer that repeated page parameter is OK here
-   * t/passwordauth.t: new automated test for passwordauth"""]]
\ No newline at end of file
diff --git a/doc/news/version_3.20180311.mdwn b/doc/news/version_3.20180311.mdwn
new file mode 100644
index 000000000..dc65cd5f8
--- /dev/null
+++ b/doc/news/version_3.20180311.mdwn
@@ -0,0 +1,11 @@
+ikiwiki 3.20180311 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Amitai Schleier ]
+   * Avoid unexpected full paths from find(1)
+ * [ thm.id.fedoraproject.org ]
+   * rst test: Probe for docutils Python 3 module, not Python 2
+ * [ Simon McVittie ]
+   * mdwn: Automatically detect which Discount flags to use, fixing
+     regressions in 3.20180228 when using Discount &lt; 2.2
+   * Add a test asserting that no plugin is an empty file, to confirm
+     that the build fixes in 3.20180228 were successful"""]]
\ No newline at end of file

mdwn: Automatically detect which libdiscount flags to use
Unconditionally passing arbitrary numbers as flags turns out to be a
bad idea, because some of the "unused" values have historically had
side-effects internal to libdiscount. Detect whether the known flags
work by rendering short Markdown snippets the first time we htmlize,
checking whether each known flag is both necessary and sufficient.
diff --git a/IkiWiki/Plugin/mdwn.pm b/IkiWiki/Plugin/mdwn.pm
index 66116ae01..eefa29a97 100644
--- a/IkiWiki/Plugin/mdwn.pm
+++ b/IkiWiki/Plugin/mdwn.pm
@@ -89,6 +89,55 @@ sub htmlize (@) {
 		    (! exists $config{nodiscount} || ! $config{nodiscount})) {
 			eval q{use Text::Markdown::Discount};
 			if (! $@) {
+				my $markdown = \&Text::Markdown::Discount::markdown;
+				my $always_flags = 0;
+
+				# Disable Pandoc-style % Title, % Author, % Date
+				# Use the meta plugin instead
+				$always_flags |= Text::Markdown::Discount::MKD_NOHEADER();
+
+				# Disable Unicodification of quote marks, em dashes...
+				# Use the typography plugin instead
+				$always_flags |= Text::Markdown::Discount::MKD_NOPANTS();
+
+				# Workaround for discount's eliding of <style> blocks.
+				# https://rt.cpan.org/Ticket/Display.html?id=74016
+				if (Text::Markdown::Discount->can('MKD_NOSTYLE')) {
+					$always_flags |= Text::Markdown::Discount::MKD_NOSTYLE();
+				}
+				elsif ($markdown->('<style>x</style>', 0) !~ '<style>' &&
+					$markdown->('<style>x</style>', 0x00400000) =~ m{<style>x</style>}) {
+					$always_flags |= 0x00400000;
+				}
+
+				# Enable fenced code blocks in libmarkdown >= 2.2.0
+				# https://bugs.debian.org/888055
+				if (Text::Markdown::Discount->can('MKD_FENCEDCODE')) {
+					$always_flags |= Text::Markdown::Discount::MKD_FENCEDCODE();
+				}
+				elsif ($markdown->("~~~\nx\n~~~", 0) !~ m{<pre\b} &&
+					$markdown->("~~~\nx\n~~~", 0x02000000) =~ m{<pre\b}) {
+					$always_flags |= 0x02000000;
+				}
+
+				# PHP Markdown Extra-style term\n: definition -> <dl>
+				if (Text::Markdown::Discount->can('MKD_DLEXTRA')) {
+					$always_flags |= Text::Markdown::Discount::MKD_DLEXTRA();
+				}
+				elsif ($markdown->("term\n: def\n", 0) !~ m{<dl>} &&
+					$markdown->("term\n: def\n", 0x01000000) =~ m{<dl>}) {
+					$always_flags |= 0x01000000;
+				}
+
+				# Allow dashes and underscores in tag names
+				if (Text::Markdown::Discount->can('MKD_GITHUBTAGS')) {
+					$always_flags |= Text::Markdown::Discount::MKD_GITHUBTAGS();
+				}
+				elsif ($markdown->('<foo_bar>', 0) !~ m{<foo_bar} &&
+					$markdown->('<foo_bar>', 0x08000000) =~ m{<foo_bar\b}) {
+					$always_flags |= 0x08000000;
+				}
+
 				$markdown_sub=sub {
 					my $t=shift;
 
@@ -96,15 +145,7 @@ sub htmlize (@) {
 					# https://rt.cpan.org/Ticket/Display.html?id=73657
 					return "" if $t=~/^\s*$/;
 
-					my $flags=0;
-
-					# Disable Pandoc-style % Title, % Author, % Date
-					# Use the meta plugin instead
-					$flags |= Text::Markdown::Discount::MKD_NOHEADER();
-
-					# Disable Unicodification of quote marks, em dashes...
-					# Use the typography plugin instead
-					$flags |= Text::Markdown::Discount::MKD_NOPANTS();
+					my $flags=$always_flags;
 
 					if ($config{mdwn_footnotes}) {
 						$flags |= Text::Markdown::Discount::MKD_EXTRA_FOOTNOTE();
@@ -114,42 +155,6 @@ sub htmlize (@) {
 						$flags |= Text::Markdown::Discount::MKD_NOALPHALIST();
 					}
 
-					# Workaround for discount's eliding
-					# of <style> blocks.
-					# https://rt.cpan.org/Ticket/Display.html?id=74016
-					if (Text::Markdown::Discount->can("MKD_NOSTYLE")) {
-						$flags |= Text::Markdown::Discount::MKD_NOSTYLE();
-					}
-					else {
-						# This is correct for the libmarkdown.so.2 ABI
-						$flags |= 0x00400000;
-					}
-
-					# Enable fenced code blocks in libmarkdown >= 2.2.0
-					# https://bugs.debian.org/888055
-					if (Text::Markdown::Discount->can("MKD_FENCEDCODE")) {
-						$flags |= Text::Markdown::Discount::MKD_FENCEDCODE();
-					}
-					else {
-						$flags |= 0x02000000;
-					}
-
-					# PHP Markdown Extra-style term\n: definition -> <dl>
-					if (Text::Markdown::Discount->can("MKD_DLEXTRA")) {
-						$flags |= Text::Markdown::Discount::MKD_DLEXTRA();
-					}
-					else {
-						$flags |= 0x01000000;
-					}
-
-					# Allow dashes and underscores in tag names
-					if (Text::Markdown::Discount->can("MKD_GITHUBTAGS")) {
-						$flags |= Text::Markdown::Discount::MKD_GITHUBTAGS();
-					}
-					else {
-						$flags |= 0x08000000;
-					}
-
 					return Text::Markdown::Discount::markdown($t, $flags);
 				}
 			}
diff --git a/doc/bugs/discount_stopped_rendering_markdown_links.mdwn b/doc/bugs/discount_stopped_rendering_markdown_links.mdwn
index 1d70c926e..cfe544b02 100644
--- a/doc/bugs/discount_stopped_rendering_markdown_links.mdwn
+++ b/doc/bugs/discount_stopped_rendering_markdown_links.mdwn
@@ -34,3 +34,8 @@ Some guesses:
 > Orthogonally, pkgsrc should probably use an up-to-date version of Discount, and
 > [we already know that Text::Markdown::Discount needs updating](https://rt.cpan.org/Public/Bug/Display.html?id=124188).
 > --[[smcv]]
+
+>> This should be [[fixed|done]] in current git. The mdwn module now
+>> detects what your version of Discount supports by trying several
+>> short HTML fragments that render differently under the different
+>> flags. --[[smcv]]
diff --git a/t/mdwn.t b/t/mdwn.t
index 93b8bd8e9..ca3180139 100755
--- a/t/mdwn.t
+++ b/t/mdwn.t
@@ -8,6 +8,7 @@ BEGIN { use_ok("IkiWiki"); }
 
 %config=IkiWiki::defaultconfig();
 $config{srcdir}=$config{destdir}="/dev/null";
+$config{disable_plugins}=["htmlscrubber"];
 IkiWiki::loadplugins();
 IkiWiki::checkconfig();
 
@@ -41,4 +42,25 @@ like(IkiWiki::htmlize("foo", "foo", "mdwn",
 	"This works[^1]\n\n[^1]: Sometimes it doesn't.\n"),
 	qr{<p>This works<sup\W}, "footnotes can be enabled");
 
+SKIP: {
+	skip 'set $IKIWIKI_TEST_ASSUME_MODERN_DISCOUNT if you have Discount 2.2.0+', 4
+		unless $ENV{IKIWIKI_TEST_ASSUME_MODERN_DISCOUNT};
+	like(IkiWiki::htmlize("foo", "foo", "mdwn",
+			"Definition list\n: A useful HTML structure\n"),
+		qr{<dl>.*<dt>Definition list</dt>\s*<dd>A useful HTML structure</dd>}s,
+		"definition lists are enabled by default");
+	like(IkiWiki::htmlize("foo", "foo", "mdwn",
+			"```\n#!/bin/sh\n```\n"),
+		qr{<pre>\s*<code>\s*[#]!/bin/sh\s*</code>\s*</pre>}s,
+		"code blocks are enabled by default");
+	like(IkiWiki::htmlize("foo", "foo", "mdwn",
+			"<foo_bar>"),
+		qr{<foo_bar>},
+		"GitHub tag name extensions are enabled by default");
+	like(IkiWiki::htmlize("foo", "foo", "mdwn",
+			"<style>foo</style>"),
+		qr{<style>foo</style>},
+		"Styles are not stripped by default");
+}
+
 done_testing();

in progress
diff --git a/doc/bugs/discount_stopped_rendering_markdown_links.mdwn b/doc/bugs/discount_stopped_rendering_markdown_links.mdwn
index a5dd0bac0..1d70c926e 100644
--- a/doc/bugs/discount_stopped_rendering_markdown_links.mdwn
+++ b/doc/bugs/discount_stopped_rendering_markdown_links.mdwn
@@ -22,3 +22,15 @@ Some guesses:
 
 - Sufficiently old versions of the Discount library may break when passed unrecognized flags, in which case ikiwiki might want to version-check before passing flags
 - The version of the Discount library bundled with upstream Text::Markdown::Discount may be extremely old, in which case pkgsrc might want to make it depend instead on an external Discount package
+
+> This appears to be because `MKD_GITHUBTAGS` and `MKD_LATEX` both have numeric values that
+> were previously used for the internal flag `IS_LABEL`, which strips HTML (its value has
+> changed a couple of times).
+>
+> Having thought about this a bit, I realise I can probe for the values of these flags by
+> processing HTML that should have different results with the flag set or unset, which
+> would be safer than just blindly using them.
+>
+> Orthogonally, pkgsrc should probably use an up-to-date version of Discount, and
+> [we already know that Text::Markdown::Discount needs updating](https://rt.cpan.org/Public/Bug/Display.html?id=124188).
+> --[[smcv]]

Report bug.
diff --git a/doc/bugs/discount_stopped_rendering_markdown_links.mdwn b/doc/bugs/discount_stopped_rendering_markdown_links.mdwn
new file mode 100644
index 000000000..a5dd0bac0
--- /dev/null
+++ b/doc/bugs/discount_stopped_rendering_markdown_links.mdwn
@@ -0,0 +1,24 @@
+# What I did
+
+Upgraded from 3.20180105 to 3.20180228 (from pkgsrc).
+No change to installed Text::Markdown::Discount (0.11nb4 from pkgsrc, using upstream's bundled Discount library).
+
+# What I expected to happen
+
+Markdown-style links to continue being rendered as before.
+
+# What actually happened
+
+Markdown-style links stopped being links.
+Instead, they render the part in square brackets as ordinary text.
+
+# Proximate cause
+
+In [f46e429](http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=f46e429d96ead32943cb2670d7686df8c77de361), if I comment out the `MKD_GITHUBTAGS` if block, the problem goes away.
+
+# Further causes and possible solutions
+
+Some guesses:
+
+- Sufficiently old versions of the Discount library may break when passed unrecognized flags, in which case ikiwiki might want to version-check before passing flags
+- The version of the Discount library bundled with upstream Text::Markdown::Discount may be extremely old, in which case pkgsrc might want to make it depend instead on an external Discount package

close
diff --git a/doc/bugs/t__47__rst.t_should_call_python3__44___not_python.mdwn b/doc/bugs/t__47__rst.t_should_call_python3__44___not_python.mdwn
index 597b8dea1..c2f3a1aa7 100644
--- a/doc/bugs/t__47__rst.t_should_call_python3__44___not_python.mdwn
+++ b/doc/bugs/t__47__rst.t_should_call_python3__44___not_python.mdwn
@@ -11,3 +11,5 @@ Now that the rst plugin uses Python3, the test should test docutils existence al
      		eval 'use Test::More skip_all => "docutils not available"';
      	}
      }
+
+> [[Applied|done]], thanks. --[[smcv]]

diff --git a/doc/bugs/t__47__rst.t_should_call_python3__44___not_python.mdwn b/doc/bugs/t__47__rst.t_should_call_python3__44___not_python.mdwn
new file mode 100644
index 000000000..597b8dea1
--- /dev/null
+++ b/doc/bugs/t__47__rst.t_should_call_python3__44___not_python.mdwn
@@ -0,0 +1,13 @@
+Now that the rst plugin uses Python3, the test should test docutils existence also with Python3:
+
+    --- rst.t.orig	2018-02-28 10:41:06.000000000 +0000
+    +++ rst.t	2018-03-03 17:17:23.862702468 +0000
+    @@ -3,7 +3,7 @@
+     use strict;
+     
+     BEGIN {
+    -	if (system("python -c 'import docutils.core'") != 0) {
+    +	if (system("python3 -c 'import docutils.core'") != 0) {
+     		eval 'use Test::More skip_all => "docutils not available"';
+     	}
+     }

Frohdo - new personal website added
diff --git a/doc/ikiwikiusers.mdwn b/doc/ikiwikiusers.mdwn
index a47692cfd..f84347521 100644
--- a/doc/ikiwikiusers.mdwn
+++ b/doc/ikiwikiusers.mdwn
@@ -194,6 +194,7 @@ Personal sites and blogs
 * [Salient Dream](http://www.salientdream.com/) - All Things Strange. 
 * [Anton Berezin's blog](http://blog.tobez.org/)
 * [Waldgarten]( http://waldgarten.greenonion.org/ ) News and documentation of a permaculture inspired neighbourhood-garden located in Hamburg, Germany.
+* [Frohdo](https://frohdo.de) - With raw food against back pain and other diseases
 * [[OscarMorante]]'s [personal site](http://oscar.morante.eu).
 * [Puckspage]( http://www.puckspage.org/ ) Political and personal blog in German. The name comes from the elf out of midsummer nights dream.  
 * [[LucaCapello]]'s [homepage](http://luca.pca.it)

Announce 3.20180228
diff --git a/doc/news/version_3.20170110.mdwn b/doc/news/version_3.20170110.mdwn
deleted file mode 100644
index b28cee05c..000000000
--- a/doc/news/version_3.20170110.mdwn
+++ /dev/null
@@ -1,41 +0,0 @@
-ikiwiki 3.20170110 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ Amitai Schleier ]
-   * wrappers: Correctly escape quotes in git\_wrapper\_background\_command
- * [ Simon McVittie ]
-   * git: use an explicit function parameter for the directory to work
-     in. Previously, we used global state that was not restored correctly
-     on catching exceptions, causing an unintended log message
-     "cannot chdir to .../ikiwiki-temp-working: No such file or directory"
-     with versions &gt;= 3.20161229 when an attempt to revert a change fails
-     or is disallowed
-   * git: don't run "git rev-list ... -- -- ..." which would select the
-     wrong commits if a file named literally "--" is present in the
-     repository
-   * check\_canchange: log "bad file name whatever", not literal string
-     "bad file name %s"
-   * t/git-cgi.t: fix a race condition that made the test fail
-     intermittently
-   * t/git-cgi.t: be more careful to provide a syntactically valid
-     author/committer name and email, hopefully fixing this test on
-     ci.debian.net
-   * templates, comments, passwordauth: use rel=nofollow microformat
-     for dynamic URLs
-   * templates: use rel=nofollow microformat for comment authors
-   * news: use Debian security tracker instead of MITRE for security
-     references. Thanks, anarcat
-   * Set package format to 3.0 (native)
-   * d/copyright: re-order to put more specific stanzas later, to get the
-     intended interpretation
-   * d/source/lintian-overrides: override obsolete-url-in-packaging for
-     OpenID Selector, which does not seem to have any more current URL
-     (and in any case our version is a fork)
-   * docwiki.setup: exclude TourBusStop from offline documentation.
-     It does not make much sense there.
-   * d/ikiwiki.lintian-overrides: override script-not-executable warnings
-   * d/ikiwiki.lintian-overrides: silence false positive spelling warning
-     for Moin Moin
-   * d/ikiwiki.doc-base: register the documentation with doc-base
-   * d/control: set libmagickcore-6.q16-3-extra as preferred
-     build-dependency, with virtual package libmagickcore-extra as an
-     alternative, to help autopkgtest to do the right thing"""]]
\ No newline at end of file
diff --git a/doc/news/version_3.20180228.mdwn b/doc/news/version_3.20180228.mdwn
new file mode 100644
index 000000000..a32e9b1e1
--- /dev/null
+++ b/doc/news/version_3.20180228.mdwn
@@ -0,0 +1,20 @@
+ikiwiki 3.20180228 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * core: Don't send relative redirect URLs when behind a reverse proxy
+   * core: Escape backticks etc. in directive error messages as HTML
+     entities so that the error message is not subsequently parsed as
+     Markdown
+   * mdwn: Enable fenced code blocks, PHP Markdown Extra-style definition
+     lists and GitHub-style extensions to HTML tag syntax when used with
+     Discount &gt;= 2.2.0 (Closes: #[888055](http://bugs.debian.org/888055))
+   * img: Fix auto-detection of image format (if enabled, which is
+     strongly discouraged) with ImageMagick &gt;= 6.9.8-3
+   * rst: Use Python 3 instead of Python 2
+   * build: `set -e` before each `for` loop, so that errors are reliably
+     trapped
+   * build: Use if/then instead of `||` so that the `-e` flag works
+   * build: Ensure that pm\_to\_blib finishes before rewriting shebang lines
+   * t: Make the img test pass with ImageMagick &gt;= 6.9.8-3
+     (Closes: #[891647](http://bugs.debian.org/891647))
+   * debian: Remove unused Lintian overrides for duplicate word false positives
+   * debian: Declare compliance with Debian Policy 4.1.3"""]]
\ No newline at end of file

rst: Use Python 3 instead of Python 2
diff --git a/.gitignore b/.gitignore
index d27140896..a8d5ae77f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,7 @@ pm_to_blib
 /MYMETA.json
 /MYMETA.yml
 *.man
+/plugins/__pycache__/
 /po/cover_db
 /po/html/
 po/po2wiki_stamp
diff --git a/CHANGELOG b/CHANGELOG
index e528fa265..c481e41c3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -9,6 +9,7 @@ ikiwiki (3.20180106) UNRELEASED; urgency=medium
     Discount >= 2.2.0 (Closes: #888055)
   * img: Fix auto-detection of image format (if enabled, which is
     strongly discouraged) with ImageMagick >= 6.9.8-3
+  * rst: Use Python 3 instead of Python 2
   * build: `set -e` before each `for` loop, so that errors are reliably
     trapped
   * build: Use if/then instead of `||` so that the `-e` flag works
diff --git a/debian/control b/debian/control
index 4dbb39db3..6af39bd83 100644
--- a/debian/control
+++ b/debian/control
@@ -96,8 +96,8 @@ Suggests:
  libxml-writer-perl,
  po4a (>= 0.35-1),
  polygen,
- python,
- python-docutils,
+ python3,
+ python3-docutils,
  texlive,
  tidy,
  viewvc | gitweb | viewcvs,
diff --git a/doc/todo/consider_using_python3_for_rst_plugin.mdwn b/doc/todo/consider_using_python3_for_rst_plugin.mdwn
index b95dff641..741c78d38 100644
--- a/doc/todo/consider_using_python3_for_rst_plugin.mdwn
+++ b/doc/todo/consider_using_python3_for_rst_plugin.mdwn
@@ -23,3 +23,5 @@ change upstream immediately to give other maintainers a chance to comment. Thoug
 > change to ikiwiki. Can't attest for other situations, but am generally
 > biased toward biting future bullets as early as possible.
 > --[[schmonz]]
+
+>> Nobody objected, so it's now python3 for the next release. [[done]] --[[smcv]]
diff --git a/plugins/proxy.py b/plugins/proxy.py
index b61eb466c..2a6222aa0 100755
--- a/plugins/proxy.py
+++ b/plugins/proxy.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 #
 # proxy.py — helper for Python-based external (xml-rpc) ikiwiki plugins
diff --git a/plugins/pythondemo b/plugins/pythondemo
index 5e031805b..213e9bb27 100755
--- a/plugins/pythondemo
+++ b/plugins/pythondemo
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 #
 # pythondemo — demo Python ikiwiki plugin
diff --git a/plugins/rst b/plugins/rst
index ba0f543f9..08eb54f85 100755
--- a/plugins/rst
+++ b/plugins/rst
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 #
 # rst — xml-rpc-based ikiwiki plugin to process RST files

Close bug
diff --git a/doc/bugs/imagemagick_6.9.8_test_suite_failure.mdwn b/doc/bugs/imagemagick_6.9.8_test_suite_failure.mdwn
index c21b9668d..d6af77111 100644
--- a/doc/bugs/imagemagick_6.9.8_test_suite_failure.mdwn
+++ b/doc/bugs/imagemagick_6.9.8_test_suite_failure.mdwn
@@ -63,4 +63,9 @@ Is this is a known problem and is there maybe a fix for this issue?
 >> 
 >> So it seems, that an empty coder prefix is not accepted anymore. To me it seems that [this commit](https://github.com/ImageMagick/ImageMagick/commit/4bc9b6b) changed the behavior. Unfortunately, the commit message doens't tell us about the reasons behind. The commit is included from version 6.9.8-3 on.
 
-
+>>> This should now be [[fixed|done]] in git and in the next release.
+>>> The test failure does not indicate a loss of functionality, unless
+>>> you are using uncommon image formats enabled with
+>>> `img_allowed_formats: [everything]`, which is a potential security
+>>> vulnerability because it exposes the attack surface of all
+>>> ImageMagick decoder modules. --[[smcv]]

Added a comment
diff --git a/doc/forum/Some_thoughts_about_Ikiwiki/comment_1_db32786dd1c1022cec983a12a30b2b17._comment b/doc/forum/Some_thoughts_about_Ikiwiki/comment_1_db32786dd1c1022cec983a12a30b2b17._comment
new file mode 100644
index 000000000..524ca09c3
--- /dev/null
+++ b/doc/forum/Some_thoughts_about_Ikiwiki/comment_1_db32786dd1c1022cec983a12a30b2b17._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="jon+ikiwiki@663db4cb26e845748f3e7e6d51eeb26c6014f1c3"
+ nickname="jon+ikiwiki"
+ avatar="http://cdn.libravatar.org/avatar/2a3bcb34947fceef61560bd8a2931957"
+ subject="comment 1"
+ date="2018-02-22T16:30:42Z"
+ content="""
+I have basically been on a similar journey recently. Honestly I would like to move on from IkiWiki myself, and I agree with most of your first points (except the OOP one, which I think is a red herring). I haven't done a deep evaluation of other static site generators, just a shallow one; but I haven't looked at only Python. But results across other languages are much the same. A few core concepts in IkiWiki are very *right*, IMHO: the pagespec/wikilink rules amongst them. -- [[Jon]]
+"""]]

Some thoughts about Ikiwiki
diff --git a/doc/forum/Some_thoughts_about_Ikiwiki.mdwn b/doc/forum/Some_thoughts_about_Ikiwiki.mdwn
new file mode 100644
index 000000000..a204bf5d8
--- /dev/null
+++ b/doc/forum/Some_thoughts_about_Ikiwiki.mdwn
@@ -0,0 +1,20 @@
+*Note : In this post, I only consider Ikiwiki as a static site compiler, not a wiki engine.*
+
+I have been using Ikiwiki for some years, writing [[several packages|spalax]], making some small contributions, and I somehow have the feeling that IkiWiki is getting old (maybe it has some technological debt). Among the things I am missing is:
+
+* it is written in Perl, and I don't know Perl;
+* I think it could benefit from using OOP (object oriented programming);
+* the template system is very very limited (compared to some modern template engines, like [Jinja2](http://jinja.pocoo.org/) or [Django](https://docs.djangoproject.com/en/2.0/topics/templates/)).
+
+So I looked at other static site generators (only in Python, because it is the only programming language I master). My thought was: since Ikiwiki is old (as [Joeyh said](https://joeyh.name/blog/entry/twenty_years_of_free_software_--_part_1_ikiwiki/): *it was a static site generator before we knew what those were. It wasn't the first, but it broke plenty of new ground*), modern static site generators should be as good as Ikiwiki, with some design mistakes fixed, right? I was wrong.
+
+Here are a few things that Ikiwiki does well, that other tools miss (and I might be biaised, but do no think that my opinion about it is an aversion to change: I do think Ikiwiki does it better).
+
+* The other tools I tried use separate pages from images from data (each one is in its own tree directory structure). There are workarounds, but [they might have caveats](https://github.com/getnikola/nikola/issues/2266#issuecomment-365922299). This might be linked to the next point:
+* [[Wikilinks|ikiwiki/wikilink]] are great! I did not like them at first (I feared that if a page `foo` was linked to `bar`, this link might be broken later if another page `bar` was created, with a higher precedence than the original one). But I ended up liking it.
+* The way other tools can be extended seems not clean: I do not want to write complex stuff or have to use regexp to match my new directive (or wathever it is called). Ikiwiki [[directive|ikiwiki/directive]] are great: writing a new directive is both very simple and very effective.
+* Ikiwiki documentation is great (for other tools I tried, it is acceptable for using the static site, but poor for extending it).
+
+Well, this post was meant to congratulate [[joey]] and every ikiwiki contributors: its design is great (I already used "great" a few times, sorry for my poor vocabulary). What next? I can hope that every single user and contributor of ikiwiki decide to rewrite it in Python3 (to keep the great ideas, integrate some more modern tools, and avoid a fork), or, to be more realistic, I could go back in time to convince/bribe/coerce Joey to write it in Python (which would not solve everything, but would make it easier for me to contribute). A more serious path would be to have a look at [staticsite](https://github.com/spanezz/staticsite/) which is written by Enrico Zini, who seems to want the same thing I want: a "more modern" ikiwiki.
+
+-- Louis

remove template that does not belong here
Finnish translation of another template, this is not the place to put
it. The ikiwiki-l10n can iirc manage such translations.
diff --git a/doc/templates/tiimi.mdwn b/doc/templates/tiimi.mdwn
deleted file mode 100644
index e9b65e813..000000000
--- a/doc/templates/tiimi.mdwn
+++ /dev/null
@@ -1,20 +0,0 @@
-[[!templatebody <<ENDBODY
-
-<table border="1">
-<tr><th colspan="4"><TMPL_VAR nimi></th></tr>
-
-<TMPL_IF status>
-<tr><td>Status:</td><td colspan="3"></td></td>
-</TMPL_IF>
-<TMPL_IF erityistä>
-<tr><td>Erityistä:</td><td colspan="3"></td></td>
-</TMPL_IF>
-
-<tr><td>Sidosryhmät / asiakkaat</td><td>Aiheet</td><td>Vastuuhenkilöt</td><td>Jäsenet</td></tr>
-<tr><td><TMPL_VAR asiakkaat</td><td><TMPL_VAR aiheet></td><td><TMPL_VAR vastuuhenkilöt></td><td><TMPL_VAR jäsenet></td></tr>
-</table>
-
-ENDBODY]]
-
-Pakolliset parametrit: nimi, asiakkaat, aiheet, vastuuhenkilöt, jäsenet
-Valinnaiset parametrit: status, erityistä

parametrien dokumentointi
diff --git a/doc/templates/tiimi.mdwn b/doc/templates/tiimi.mdwn
index fc20cf58e..e9b65e813 100644
--- a/doc/templates/tiimi.mdwn
+++ b/doc/templates/tiimi.mdwn
@@ -11,7 +11,10 @@
 </TMPL_IF>
 
 <tr><td>Sidosryhmät / asiakkaat</td><td>Aiheet</td><td>Vastuuhenkilöt</td><td>Jäsenet</td></tr>
-<tr><td></td><td><TMPL_VAR aiheet></td><td><TMPL_VAR vastuuhenkilöt></td><td><TMPL_VAR jäsenet></td></tr>
+<tr><td><TMPL_VAR asiakkaat</td><td><TMPL_VAR aiheet></td><td><TMPL_VAR vastuuhenkilöt></td><td><TMPL_VAR jäsenet></td></tr>
 </table>
 
 ENDBODY]]
+
+Pakolliset parametrit: nimi, asiakkaat, aiheet, vastuuhenkilöt, jäsenet
+Valinnaiset parametrit: status, erityistä

First post
diff --git a/doc/templates/tiimi.mdwn b/doc/templates/tiimi.mdwn
new file mode 100644
index 000000000..fc20cf58e
--- /dev/null
+++ b/doc/templates/tiimi.mdwn
@@ -0,0 +1,17 @@
+[[!templatebody <<ENDBODY
+
+<table border="1">
+<tr><th colspan="4"><TMPL_VAR nimi></th></tr>
+
+<TMPL_IF status>
+<tr><td>Status:</td><td colspan="3"></td></td>
+</TMPL_IF>
+<TMPL_IF erityistä>
+<tr><td>Erityistä:</td><td colspan="3"></td></td>
+</TMPL_IF>
+
+<tr><td>Sidosryhmät / asiakkaat</td><td>Aiheet</td><td>Vastuuhenkilöt</td><td>Jäsenet</td></tr>
+<tr><td></td><td><TMPL_VAR aiheet></td><td><TMPL_VAR vastuuhenkilöt></td><td><TMPL_VAR jäsenet></td></tr>
+</table>
+
+ENDBODY]]

improve reply wording with a crosslink
diff --git a/doc/todo/Restrict_page_viewing.mdwn b/doc/todo/Restrict_page_viewing.mdwn
index d40cee6d1..69b15a187 100644
--- a/doc/todo/Restrict_page_viewing.mdwn
+++ b/doc/todo/Restrict_page_viewing.mdwn
@@ -41,6 +41,7 @@ much more maintainable htaccess file.
 >>>>> If you use the httpauth and the cgiauthurl method, you can restrict a path 
 >>>>> like /private/* to be accessible only under the authenticated request uri.
 
->>>>>> Note that if editing is enabled, then you should set the restriction in locked_pages too
+>>>>>> Note that if editing is enabled, then you should set the restriction in
+>>>>>> [[plugins/lockedit]]'s locked_pages too
 >>>>>> or they may be able to view pages by editing the page= value in the editor's
 >>>>>> query string. --[mjr](http://mjr.towers.org.uk/)

Try to explain editor loophole to viewing restrictions
diff --git a/doc/todo/Restrict_page_viewing.mdwn b/doc/todo/Restrict_page_viewing.mdwn
index 20b59cb13..d40cee6d1 100644
--- a/doc/todo/Restrict_page_viewing.mdwn
+++ b/doc/todo/Restrict_page_viewing.mdwn
@@ -40,3 +40,7 @@ much more maintainable htaccess file.
 
 >>>>> If you use the httpauth and the cgiauthurl method, you can restrict a path 
 >>>>> like /private/* to be accessible only under the authenticated request uri.
+
+>>>>>> Note that if editing is enabled, then you should set the restriction in locked_pages too
+>>>>>> or they may be able to view pages by editing the page= value in the editor's
+>>>>>> query string. --[mjr](http://mjr.towers.org.uk/)

typo fixed
diff --git a/doc/tips/optimising_ikiwiki.mdwn b/doc/tips/optimising_ikiwiki.mdwn
index 0c67e606c..2999573ac 100644
--- a/doc/tips/optimising_ikiwiki.mdwn
+++ b/doc/tips/optimising_ikiwiki.mdwn
@@ -207,7 +207,7 @@ The best way to do it is:
 
 * Install [[!cpan Devel::NYTProf]]
 * `PERL5OPT=-d:NYTProf`
-* `export PER5OPT`
+* `export PERL5OPT`
 * Now run ikiwiki as usual, and it will generate a `nytprof.out` file.
 * Run `nytprofhtml` to generate html files.
 * Those can be examined to see what parts of ikiwiki are being slow.

diff --git a/doc/tips/optimising_ikiwiki/discussion.mdwn b/doc/tips/optimising_ikiwiki/discussion.mdwn
index 2b043787a..f8c01fe51 100644
--- a/doc/tips/optimising_ikiwiki/discussion.mdwn
+++ b/doc/tips/optimising_ikiwiki/discussion.mdwn
@@ -18,3 +18,5 @@ What do I do now? Where is the TROUBLESHOOTING file located? --[[users/svetlana]
 
 
 Found <https://metacpan.org/pod/Devel::NYTProf#%22Profile-data-incomplete,-...%22-or-%22Profile-format-error:-...%22>, however, "export NYTPROF=sigexit=1" does not help either. Running "unset PER5OPT" before running nytprofhtml does not help either as well. That leaves this problem unsolved still. --[[users/svetlana]] Fri Feb  2 08:03:13 2018
+
+Fixed by exporting "PERL5OPT" rather than "PER5OPT"; fixing typo in documentation... --[[users/svetlana]]

more details
diff --git a/doc/tips/optimising_ikiwiki/discussion.mdwn b/doc/tips/optimising_ikiwiki/discussion.mdwn
index 0bb863471..2b043787a 100644
--- a/doc/tips/optimising_ikiwiki/discussion.mdwn
+++ b/doc/tips/optimising_ikiwiki/discussion.mdwn
@@ -15,3 +15,6 @@ Following the steps "Install Devel::NYTProf. PERL5OPT=-d:NYTProf. export PER5OPT
 Typing "export NYTPROF=sigexit=int,hup,pipe,bus,segv,term" and repeating ikiwiki and nytprofhtml commands has no effect.
 
 What do I do now? Where is the TROUBLESHOOTING file located? --[[users/svetlana]]
+
+
+Found <https://metacpan.org/pod/Devel::NYTProf#%22Profile-data-incomplete,-...%22-or-%22Profile-format-error:-...%22>, however, "export NYTPROF=sigexit=1" does not help either. Running "unset PER5OPT" before running nytprofhtml does not help either as well. That leaves this problem unsolved still. --[[users/svetlana]] Fri Feb  2 08:03:13 2018

NYTProf: Profile data incomplete, inflate error -5 ((null))
diff --git a/doc/tips/optimising_ikiwiki/discussion.mdwn b/doc/tips/optimising_ikiwiki/discussion.mdwn
new file mode 100644
index 000000000..0bb863471
--- /dev/null
+++ b/doc/tips/optimising_ikiwiki/discussion.mdwn
@@ -0,0 +1,17 @@
+# Profile data incomplete
+
+Following the steps "Install Devel::NYTProf. PERL5OPT=-d:NYTProf. export PER5OPT. Now run ikiwiki as usual, and it will generate a nytprof.out file. Run nytprofhtml to generate html files.", get the following error message:
+
+    [svetlana /home/private/wiki]$ PERL5OPT=-d:NYTProf
+    [svetlana /home/private/wiki]$ export PER5OPT
+    [svetlana /home/private/wiki]$ ikiwiki --setup ikiwiki.setup 
+    skipping bad filename free/To-dos.mdwn~
+    [svetlana /home/private/wiki]$ nytprofhtml
+    Reading nytprof.out
+    Profile data incomplete, inflate error -5 ((null)) at end of input file, perhaps the process didn't exit cleanly or the
+     file has been truncated  (refer to TROUBLESHOOTING in the documentation)
+    [svetlana /home/private/wiki]$ 
+
+Typing "export NYTPROF=sigexit=int,hup,pipe,bus,segv,term" and repeating ikiwiki and nytprofhtml commands has no effect.
+
+What do I do now? Where is the TROUBLESHOOTING file located? --[[users/svetlana]]

diff --git a/doc/bugs/imagemagick_6.9.8_test_suite_failure.mdwn b/doc/bugs/imagemagick_6.9.8_test_suite_failure.mdwn
index c2ea4f26d..c21b9668d 100644
--- a/doc/bugs/imagemagick_6.9.8_test_suite_failure.mdwn
+++ b/doc/bugs/imagemagick_6.9.8_test_suite_failure.mdwn
@@ -53,3 +53,14 @@ Is this is a known problem and is there maybe a fix for this issue?
 > Please try re-running the test with better diagnostics using
 > [commit 4ace7dbb7](http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=4ace7dbb7)
 > and report what it says. --[[smcv]]
+
+>> I see the same issue on Fedora, with ImageMagic 6.9.9-19:
+>> 
+>>     #   Failed test at t/img.t line 119.
+>>     #          got: 'no image: Exception 435: unable to open image `:t/tmp/out/imgconversions/10x-redsquare.png': No such file or directory @ error/blob.c/OpenBlob/2701'
+>>     #     expected: '10x10'
+>>     [...]
+>> 
+>> So it seems, that an empty coder prefix is not accepted anymore. To me it seems that [this commit](https://github.com/ImageMagick/ImageMagick/commit/4bc9b6b) changed the behavior. Unfortunately, the commit message doens't tell us about the reasons behind. The commit is included from version 6.9.8-3 on.
+
+

urlfix
diff --git a/doc/users/svetlana.mdwn b/doc/users/svetlana.mdwn
index cdddd6629..9d309e0dd 100644
--- a/doc/users/svetlana.mdwn
+++ b/doc/users/svetlana.mdwn
@@ -1,6 +1,6 @@
 I speak English and Russian. I use ikiwiki at [my personal site](http://svetlana.nfshost.com).
 
-I also help a few software projects localize their documentation -- [guppy](http://guppy.branchable.com).
+I also help a few software projects localize their documentation -- [guppy](http://guppy.branchable.com/index.en.html).
 
 I enjoy ikiwiki.
 

update
diff --git a/doc/users/svetlana.mdwn b/doc/users/svetlana.mdwn
index 6fca6dc1d..cdddd6629 100644
--- a/doc/users/svetlana.mdwn
+++ b/doc/users/svetlana.mdwn
@@ -1,7 +1,8 @@
 I speak English and Russian. I use ikiwiki at [my personal site](http://svetlana.nfshost.com).
 
-I also help a few software projects localize their documentation -- [vy](http://vy.branchable.com) and [guppy](http://guppy.branchable.com).
+I also help a few software projects localize their documentation -- [guppy](http://guppy.branchable.com).
 
 I enjoy ikiwiki.
 
 I am testing the po and osm plugins.
+

%?
diff --git a/doc/ikiwiki/directive/img/discussion.mdwn b/doc/ikiwiki/directive/img/discussion.mdwn
index 6fc28e75e..03cd4e6b3 100644
--- a/doc/ikiwiki/directive/img/discussion.mdwn
+++ b/doc/ikiwiki/directive/img/discussion.mdwn
@@ -32,3 +32,7 @@ It does show a clickable question mark for ikiwiki.cgi?page=utah-2006-100-180.pn
 I have a local copy of the [[rcs/Git]] page.  After installing the `imagemagick-perl` package some of the elements display and others are missing including the page outlines with turned corners and all of the yellow folders.  Ideas?
 
 -- [[RonParker]]
+
+# Percentage size
+
+Would like an image to occupy 50% of the page width. Is this available? With what syntax? --[[svetlana]]

Auto-remove tag pages?
diff --git a/doc/plugins/tag/discussion.mdwn b/doc/plugins/tag/discussion.mdwn
index dfd749252..ad6b8d6ff 100644
--- a/doc/plugins/tag/discussion.mdwn
+++ b/doc/plugins/tag/discussion.mdwn
@@ -29,3 +29,8 @@ See [[todo/auto-create tag pages according to a template]]
 -- Jeremy Schultz <jeremy.schultz@uleth.ca>
 
 `tag_autocreate` can now enable this. --[[Joey]] 
+
+
+# Auto-remove tag pages?
+
+When zero pages are tagged with a particular tag, its page could be auto-removed. Would that make sense? Doesn't look like this is already implemented. --[[user/svetlana]]

diff --git a/doc/plugins/rename/discussion.mdwn b/doc/plugins/rename/discussion.mdwn
index ff172e728..8412f0561 100644
--- a/doc/plugins/rename/discussion.mdwn
+++ b/doc/plugins/rename/discussion.mdwn
@@ -9,3 +9,7 @@ Expected result, updated link inside of the page from 'baz2.png' to a relative o
 Actual result, the link inside of the page is not updated. It stays a broken link.
 
 --[[svetlana]]
+
+# Can not rename individual attachments files
+
+It looks like I can not rename/move individual attachments files (those that are not pages) using the web interface. I need to do this on the fs. Perhaps that's intended but I am not sure. --[[svetlana]]

diff --git a/doc/plugins/rename/discussion.mdwn b/doc/plugins/rename/discussion.mdwn
new file mode 100644
index 000000000..ff172e728
--- /dev/null
+++ b/doc/plugins/rename/discussion.mdwn
@@ -0,0 +1,11 @@
+# Bug with attachments in parent directory
+
+1. Create page '/foo', attach file baz2.png (it will be 'foo/baz2.png')
+1. Create '/foo/bar' page with '[[baz2.png]]' contents, this works and shows the image
+1. Rename /foo/bar to /iliketrains/bar
+
+Expected result, updated link inside of the page from 'baz2.png' to a relative or absolute path that works.
+
+Actual result, the link inside of the page is not updated. It stays a broken link.
+
+--[[svetlana]]

okay, sorry about that
This reverts commit b7263302c7d74d25b15f87359a633fc3cca857a3
diff --git a/doc/index.mdwn b/doc/index.mdwn
index 7050f9779..e0e401656 100644
--- a/doc/index.mdwn
+++ b/doc/index.mdwn
@@ -10,7 +10,7 @@ array of [[plugins]].
 Alternatively, think of ikiwiki as a particularly flexible static
 site generator with some dynamic features.
 
-. .
+
 
 ## using ikiwiki
 

Testing if this is really so easily editable by the public? (my ikiwiki 'instance' is) How is it not constantly being riddled with spam?
diff --git a/doc/index.mdwn b/doc/index.mdwn
index e0e401656..7050f9779 100644
--- a/doc/index.mdwn
+++ b/doc/index.mdwn
@@ -10,7 +10,7 @@ array of [[plugins]].
 Alternatively, think of ikiwiki as a particularly flexible static
 site generator with some dynamic features.
 
-
+. .
 
 ## using ikiwiki
 

404, no 'wmd'
diff --git a/doc/plugins/wmd/discussion.mdwn b/doc/plugins/wmd/discussion.mdwn
index 191004dc3..7b5b1d7d0 100644
--- a/doc/plugins/wmd/discussion.mdwn
+++ b/doc/plugins/wmd/discussion.mdwn
@@ -20,3 +20,5 @@ Other conversations:
 >> on line 247.  --[[simonraven]]
 
 >>> Well, I re-figured out that I needed a TMPL_VAR FOO in the template(s). --[[simonraven]]
+
+<https://code.google.com/archive/p/pagedown/> is 404, <https://github.com/edrohler/pagedown-core> claims to be its copy but it does not have 'wmd' directory inside. What are the current steps to follow here? --[[svetlana]]

move main documentation to converter's README file
diff --git a/doc/tips/convert_moinmoin_to_ikiwiki.mdwn b/doc/tips/convert_moinmoin_to_ikiwiki.mdwn
index 142a8e81f..40f01aa51 100644
--- a/doc/tips/convert_moinmoin_to_ikiwiki.mdwn
+++ b/doc/tips/convert_moinmoin_to_ikiwiki.mdwn
@@ -10,101 +10,4 @@ The MoinMoin side of things was completely re-written by [[anarcat]] and is curr
 
 It doesn't feature support to migrate from Tikiwiki anymore and focuses on MoinMoin support.
 
-Issues can be filed on the [project page](https://gitlab.com/anarcat/moin2iki/).
-
-[[!toc levels=2]]
-
-## Usage
-
-Usage instructions are in the `README` file.
-
-## MoinMoin importer features
-
- * supports latest MoinMoin versions (tested with 1.9.x)
- * uses `git fast-import` to improve performance (10 minutes and 200M of ram for a 7 years old 2GB Moinmoin wiki)
- * multistep process allows bulk edit through git before markdown conversion, or staying with a 
- * imports attachments as subpages
- * uses the per-page edit log
- * consistent: multiple runs will generate the same repository
- * re-entrant: can be run multiple times to import new changes
-
-## MoinMoin converter features
-
- * most of the inline markup
- * links
- * attachment links
- * smileys
- * images (not well tested), into [[ikiwiki/directive/img]]
- * preformatted and code areas, including [[ikiwiki/directive/format]]
- * ordered, unordered and definition lists
- * tables (although only with HTML and no styles)
-
-### Supported macros
-
- * TableOfContents, through [[ikiwiki/directive/toc]]
- * Navigation, through [[ikiwiki/directive/map]] (so as a nested
-   vertical list instead of an horizontal list)
- * PageList, through [[ikiwiki/directive/map]]
- * MonthCalendar, partially, through [[ikiwiki/directive/calendar]]
- * FootNote, through multimarkdown (`[^foo]` → `[^foo]: this is the footnote`)
- * Anchor, through markdown and plain HTML
- * `<<BR>>`, through the weird line ending thing
- * AttachList, through a weird [[ikiwiki/directive/inline]]
- * FullSearch, partially, only through [[ikiwiki/directive/inline]] (so no textual search)
- * Include, partially through [[ikiwiki/directive/inline]] (so missing boundary extraction and heading level generation)
- * PageCount, same name even :)
- * OrphanedPages, through [[ikiwiki/directive/orphans]]
- * Date and Datetime, should be through [[plugins/date]] instead of
-   current hack
-
-### Supported parsers
-
- * the main "moin wiki" markup
- * highlight parser, through the [[plugins/format]] plugin
- * other parsers may be supported if an equivalent plugin exists in Ikiwiki (example: [[plugins/rst]])
-
-## Current blocker
-
-This script is being used to test the conversion of the venerable [Koumbit wiki](https://wiki.koumbit.net/) into Ikiwiki, and so far progress is steady but difficult. The current blocker is:
-
- * figuring out exactly which pages should exist and which should not, as there is ambiguity in the internal datastructures of MoinMoin, which become apparent when running the conversion script, as files a missing
-
-## Todos
-
-There are also significant pieces missing:
-
- * inline parsers and hackish styled tables
- * turn categories into tags
- * name converted page to the right name depending on the `#format` parameter on top of page
- * finish a full converter run on the Koumbitwiki
- * improve the output of the converter (too much debugging)
-
-## MoinMoin features missing from ikiwiki
-
-The importer is pretty much complete, but the converter can only go so far as what features ikiwiki supports. Here are the MoinMoin features that are known to be missing from ikiwiki. Note that some of those features are available in MoinMoin only through third-party extensions.
-
- * [[todo/do_not_make_links_backwards/]] - MoinMoin and Creole use `\[[link|text]]`, while ikiwiki uses `\[[text|link]]` - for now the converter generates [[markdown]] links so this is not so much an issue, but will freak out users
- * [[todo/internal_definition_list_support/]] - includes tabling the results ([MoinMoin's DictColumns macro](http://moinmo.in/MacroMarket/DictColumns))
- * [[todo/per page ACLs]] - ([MoinMoin's ACLs](http://moinmo.in/HelpOnAccessControlLists))
- * [MailTo](http://moinmo.in/HelpOnMacros/MailTo) macro spam protection
- * list pages based on full text page search
- * extract part of other pages with the inline macro
- * specifying a template when creating a page (as opposed to matching a pagespec)
- * specifying a style for a sub-section (MoinMoin's inline parsers
-   allow the user to specify a CSS class - very useful see
-   [the documentation](http://moinmo.in/HelpOnMoinWikiSyntax#Using_the_wiki_parser_with_css_classes)
-   to get an idea)
- * the above also keeps the SectionParser from being properly supported
- * regex matching all over the place: pagespec, basically, but all
-   full text search (which is missing anyways, see above)
-
-### Missing macros
-
- * RandomPage(N) - lists N random pages, skipped
- * Gallery() - skipped
- * Gettext - translates the string accordign to internal translation
-   system, ignored
- * AdvancedSearch - an elaborate search form provided by MoinMoin
- * Goto - a simple "jump to page" macro
-
-Comments and feedback always welcome! --[[anarcat]]
+Issues can be filed on the [project page](https://gitlab.com/anarcat/moin2iki/), where more information about features, installation and usage is available as well. -- [[anarcat]]

repository was moved
diff --git a/doc/tips/convert_moinmoin_to_ikiwiki.mdwn b/doc/tips/convert_moinmoin_to_ikiwiki.mdwn
index 492418b5a..142a8e81f 100644
--- a/doc/tips/convert_moinmoin_to_ikiwiki.mdwn
+++ b/doc/tips/convert_moinmoin_to_ikiwiki.mdwn
@@ -6,11 +6,11 @@ The converter was originally written by [[JoshTriplett]] and included support fo
 
 The MoinMoin side of things was completely re-written by [[anarcat]] and is currently still in development. That version is available at:
 
-    git clone git://git.koumbit.net/moin2iki.git
+    git clone https://gitlab.com/anarcat/moin2iki/
 
 It doesn't feature support to migrate from Tikiwiki anymore and focuses on MoinMoin support.
 
-Issues can be filed in the redmine bugtracker: <https://redmine.koumbit.net/projects/moin2iki>
+Issues can be filed on the [project page](https://gitlab.com/anarcat/moin2iki/).
 
 [[!toc levels=2]]
 

Added a comment: Todo already exists for `basename`
diff --git a/doc/forum/Most_TMPL__95__VAR_variables_are_empty_in_a_template/comment_2_7dba0f1345260aa27d89bcd3526d5c10._comment b/doc/forum/Most_TMPL__95__VAR_variables_are_empty_in_a_template/comment_2_7dba0f1345260aa27d89bcd3526d5c10._comment
new file mode 100644
index 000000000..1c5590ecc
--- /dev/null
+++ b/doc/forum/Most_TMPL__95__VAR_variables_are_empty_in_a_template/comment_2_7dba0f1345260aa27d89bcd3526d5c10._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="vegardv@75ae889e836bda8ce69bc038d8335c398a2f6f40"
+ nickname="vegardv"
+ avatar="http://cdn.libravatar.org/avatar/b35da1da5c23c19063f73defc0431ab0"
+ subject="Todo already exists for `basename`"
+ date="2018-01-10T08:54:27Z"
+ content="""
+https://ikiwiki.info/todo/Add_basename_in_edittemplate/
+"""]]

co-maintainer opinion
diff --git a/doc/todo/consider_using_python3_for_rst_plugin.mdwn b/doc/todo/consider_using_python3_for_rst_plugin.mdwn
index 5135d153a..b95dff641 100644
--- a/doc/todo/consider_using_python3_for_rst_plugin.mdwn
+++ b/doc/todo/consider_using_python3_for_rst_plugin.mdwn
@@ -15,3 +15,11 @@ by changing the source rather than by using `sed` after installation. I didn't a
 change upstream immediately to give other maintainers a chance to comment. Thoughts?
 
 --[[smcv]]
+
+> I can attest as a pkgsrc developer, where we try to build and package
+> software on all sorts of platforms (some old and wacky), that as long
+> as the relevant Pythons build on those platforms (and we tend to make
+> sure they do), I don't foresee any negative impact of your suggested
+> change to ikiwiki. Can't attest for other situations, but am generally
+> biased toward biting future bullets as early as possible.
+> --[[schmonz]]

Don't send relative redirect URLs when behind a reverse proxy
diff --git a/CHANGELOG b/CHANGELOG
index 1456810e0..0ffbd4579 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,9 @@
+ikiwiki (3.20180106) UNRELEASED; urgency=medium
+
+  * core: Don't send relative redirect URLs when behind a reverse proxy
+
+ -- Simon McVittie <smcv@debian.org>  Mon, 08 Jan 2018 10:51:10 +0000
+
 ikiwiki (3.20180105) upstream; urgency=medium
 
   * emailauth: Fix cookie problem when user is on https and the cgiurl
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 64f5c6b8c..2c5b4a84d 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -91,7 +91,7 @@ sub redirect ($$) {
 	my $q=shift;
 	eval q{use URI};
 
-	my $topurl;
+	my $topurl = $config{cgiurl};
 	if (defined $q && ! $config{w3mmode} && ! $config{reverse_proxy}) {
 		$topurl = $q->url;
 	}
diff --git a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
index 58b4a0137..02c04900f 100644
--- a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
+++ b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
@@ -42,11 +42,11 @@ that so as to have the path for letsencrypt negotiation not redirected.-- [[User
 > Is the connection between nginx and lighttpd http or https?
 >
 > I think this is maybe a bug in `IkiWiki::redirect` when used in conjunction with
-> `reverse_proxy: 1`. I've added a failing test case marked as TODO to `t/relativity.t`,
-> although I haven't been able to fix the bug yet. The bug I found is that when marked
-> as behind a reverse proxy, `IkiWiki::redirect` sends `Location: /foo/bar/`, which
-> your backend web server might be misinterpreting. It should send
-> `Location: https://redacted/foo/bar/` instead.
+> `reverse_proxy: 1`: when marked as behind a reverse proxy,
+> `IkiWiki::redirect` sent `Location: /phd/foo/bar/`, which your backend web
+> server might be misinterpreting. ikiwiki git master now sends
+> `Location: https://redacted/phd/foo/bar/` instead: does that resolve this
+> for you?
 >
 > Assuming nginx has a reasonable level of configuration, you can redirect http to https
 > for the entire server except `/.well-known/acme-challenge/` as a good way to bootstrap
diff --git a/t/relativity.t b/t/relativity.t
index 3fd55375a..1dda19687 100755
--- a/t/relativity.t
+++ b/t/relativity.t
@@ -403,10 +403,7 @@ sub test_site6_behind_reverse_proxy {
 	like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
 	like($bits{basehref}, qr{^(?:(?:https:)?//example\.com)?/wiki/$});
 	like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
-	TODO: {
-	local $TODO = "https://ikiwiki.info/bugs/cgi_redirecting_to_non-https_URL/";
 	check_goto(qr{^https://example\.com/wiki/a/b/c/$}, HTTP_HOST => 'localhost');
-	}
 
 	# previewing a page
 	%bits = parse_cgi_content(run_cgi(is_preview => 1, HTTP_HOST => 'localhost'));

point to previous TODO entry
diff --git a/doc/todo/css_and_javascript_aggregation.mdwn b/doc/todo/css_and_javascript_aggregation.mdwn
index 4b3e5f766..7e38f7600 100644
--- a/doc/todo/css_and_javascript_aggregation.mdwn
+++ b/doc/todo/css_and_javascript_aggregation.mdwn
@@ -1,5 +1,7 @@
 One of the goals of using a static site generator like ikiwiki, for me, is not only future-proofing and portability, but also performance. By having a small set of HTML pages with a minimal theme, we can deliver raw content much faster than a traditional CMS. This does not, however, keep us from doing optimizations that those same CMS must do in order to deliver good page performance.
 
+> For the CSS case, this was already proposed at [[todo/concatenating or compiling CSS]] --[[smcv]]
+
 Take, for example, this [performance report of the main ikiwiki site](https://gtmetrix.com/reports/ikiwiki.info/rwUIfK6d). For a very minimal site, it is still making 8 requests and taking ~700ms to load. That's quite fast, but it could probably be cut down to 400ms if CSS and JS were aggregated. If you look at [my homepage](https://gtmetrix.com/reports/anarc.at/uAkMmZaT) the results are worse, because I have larger JS and CSS files: the impact is therefore much bigger and we're looking at 2000ms load times. (Obviously, part of the problem here is the slowness of the uplink here, but one could argue the same problem would occur for downstream users that have a slower connexion.)
 
 One of the recommendations "YSlow" is giving is "Make fewer HTTP requests":

this is a web server configuration issue rather than a bug in the ikiwiki code
diff --git a/doc/bugs/Login_should_redirect_to_secure_version_of_site.mdwn b/doc/bugs/Login_should_redirect_to_secure_version_of_site.mdwn
index 7c2c501b7..ae53fc5b3 100644
--- a/doc/bugs/Login_should_redirect_to_secure_version_of_site.mdwn
+++ b/doc/bugs/Login_should_redirect_to_secure_version_of_site.mdwn
@@ -7,3 +7,26 @@ Steps to reproduce:
 Firefox gives all kinds of warnings for unencrypted login pages.
 
 The fix is for the login page to redirect to the https version of the wiki before showing the login form.
+
+> This is web server configuration for those sites, so not really a bug in the
+> ikiwiki software. If you run an ikiwiki instance and you have a browser-trusted certificate,
+> I would recommend:
+>
+> * setting the `url` and `cgiurl` options to `https://...`
+> * configuring your web server (frontend web server if you are using a reverse-proxy)
+>   to redirect from `http://...` to `https://...` automatically, possibly excluding
+>   `/.well-known/acme-challenge/` to make it easier to bootstrap Let's Encrypt certificates
+>
+> In [ikiwiki-hosting](https://ikiwiki-hosting.branchable.com/) the latter can be achieved
+> by setting the `redirect_to_https` option to `1`.
+>
+> When not using ikiwiki-hosting, the ikiwiki software does not control the web server
+> configuration, so it can't do this for you. The CGI script could redirect from http
+> to https if it knew you had a browser-trusted certificate, but it can't know that
+> unless you tell it (by setting `url` and `cgiurl`), and there's the potential for
+> infinite redirect loops in misconfigured reverse-proxy setups if it did that
+> (see [[bugs/login problem redux]]), so I think this is better solved at the web
+> server level.
+>
+> The operator of ikiwiki.info and branchable.com can change the web server
+> configuration for those sites, but other ikiwiki developers can't. --[[smcv]]

failing test (marked TODO) now present
diff --git a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
index f27e75fcb..58b4a0137 100644
--- a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
+++ b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
@@ -23,6 +23,10 @@ Response Headers
     Status: 302 Found
     Location: http://redacted/phd/blog/38th_Dec/?updated#comment-bd0549eb2464b5ca0544f68e6c32221e
 
+> Your form submission was in fact done successfully. The failing redirection to http is
+> when ikiwiki follows up the successful edit by redirecting you from the form submission
+> URL to the updated page, which is done by `IkiWiki::redirect`. --[[smcv]]
+
 The CGI is served by lighttpd, but the whole site is front-ended by nginx, which reverse-proxies to lighttpd.
 
 ----
@@ -38,7 +42,11 @@ that so as to have the path for letsencrypt negotiation not redirected.-- [[User
 > Is the connection between nginx and lighttpd http or https?
 >
 > I think this is maybe a bug in `IkiWiki::redirect` when used in conjunction with
-> `reverse_proxy: 1`. I'm in the process of adding a test case in `t/relativity.t`.
+> `reverse_proxy: 1`. I've added a failing test case marked as TODO to `t/relativity.t`,
+> although I haven't been able to fix the bug yet. The bug I found is that when marked
+> as behind a reverse proxy, `IkiWiki::redirect` sends `Location: /foo/bar/`, which
+> your backend web server might be misinterpreting. It should send
+> `Location: https://redacted/foo/bar/` instead.
 >
 > Assuming nginx has a reasonable level of configuration, you can redirect http to https
 > for the entire server except `/.well-known/acme-challenge/` as a good way to bootstrap

diff --git a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
index 217aa336d..f27e75fcb 100644
--- a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
+++ b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
@@ -38,7 +38,7 @@ that so as to have the path for letsencrypt negotiation not redirected.-- [[User
 > Is the connection between nginx and lighttpd http or https?
 >
 > I think this is maybe a bug in `IkiWiki::redirect` when used in conjunction with
-> `reverse_proxy: 1`. I'm in the process of adding a 
+> `reverse_proxy: 1`. I'm in the process of adding a test case in `t/relativity.t`.
 >
 > Assuming nginx has a reasonable level of configuration, you can redirect http to https
 > for the entire server except `/.well-known/acme-challenge/` as a good way to bootstrap

test case potentially in progress
diff --git a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
index abdc676a0..217aa336d 100644
--- a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
+++ b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
@@ -31,3 +31,15 @@ I think this might be to do with nginx not rewriting POST URLs when reverse-prox
 they would be generated in an HTTP form in any case, except perhaps by lighttpd's CGI handler since the back
 end is HTTP. A workaround is for nginx to redirect any HTTP URI to the HTTPS equivalent. I initially disabled
 that so as to have the path for letsencrypt negotiation not redirected.-- [[Users/Jon]]
+
+> Do you have the `reverse_proxy` option set to 1? (It affects how ikiwiki generates
+> self-referential URLs).
+>
+> Is the connection between nginx and lighttpd http or https?
+>
+> I think this is maybe a bug in `IkiWiki::redirect` when used in conjunction with
+> `reverse_proxy: 1`. I'm in the process of adding a 
+>
+> Assuming nginx has a reasonable level of configuration, you can redirect http to https
+> for the entire server except `/.well-known/acme-challenge/` as a good way to bootstrap
+> ACME negotiation. --[[smcv]]

I'm not sure this can be solved without web server configuration
diff --git a/doc/bugs/login_problem_redux.mdwn b/doc/bugs/login_problem_redux.mdwn
index 559782ec8..20a4d407a 100644
--- a/doc/bugs/login_problem_redux.mdwn
+++ b/doc/bugs/login_problem_redux.mdwn
@@ -1,12 +1,71 @@
 Following up on [[login_problem]], there's still some problems mixing https
 and http logins on sites that allow both and don't redirect http to https.
 
+> I think the only good solution to this is to configure web servers to
+> redirect http to https, which is outside the scope of the ikiwiki
+> software (but would be a useful configuration change on sites like
+> ikiwiki.info). Redirecting from CGI code is problematic because
+> reverse-proxies are a thing; see below. --[[smcv]]
+
 If the user logs in on https first, their cookie is https-only. If they
 then open the http site and do something that needs them logged in, it will
 try to log them in again. But, the https-only cookie is apparently not
 replaced by the http login cookie. The login will "succeed", but the cookie
 is inaccessible over https and so they'll not be really logged in.
 
+> Mitigation: If you have a browser-trusted certificate (which lots of
+> people do now, because Let's Encrypt exists), setting the `cgiurl` to
+> `https://...` will result in the CGI (which is the only part that
+> needs cookies) being accessed via https whenever the user follows
+> links from static content.
+> (`test_site4_cgi_is_secure_static_content_doesnt_have_to_be` in
+> `t/relativity.t`.)
+>
+> In the past I've wondered whether to add a distinction between
+> authenticating and unauthenticating CGI URLs, so that on sites that
+> don't particularly care about eavesdropping, anonymous/read-only actions
+> like `?do=goto` can go via `http`, but write actions and actions that
+> are usually authenticated like `?do=edit` go via `https`. However, in
+> 2018 with Let's Encrypt widely available, it seems reasonable to just
+> use `https` for all CGI accesses.
+> --[[smcv]]
+
 I think that the only fix for this is make the login page redirect from
 http to https, and for it to return to the https version of the page that
 prompted the login. --[[Joey]]
+
+> Redirecting the login page from http to https inside ikiwiki.cgi is
+> problematic, because ikiwiki can't reliably know whether it was already
+> accessed via https. If there is a reverse-proxy in use but the site admin
+> has not set the `reverse_proxy` option (which is not *always* necessary
+> even behind reverse proxies AIUI, and I suspect some reverse-proxied sites
+> haven't set it correctly), then ikiwiki.cgi would infinitely redirect back
+> to itself.
+>
+> For example, suppose your frontend web server is example.com and your
+> ikiwiki backend is 127.0.0.1:8080.
+>
+> * frontend web server sees an access to http://example.com/ikiwiki.cgi
+> * frontend web server reverse-proxies it to http://127.0.0.1:8080/ikiwiki.cgi
+> * backend web server invokes ikiwiki.cgi with `HTTPS` environment variable
+>   undefined
+> * ikiwiki.cgi thinks "I'm being accessed via plain http" (this time correctly,
+>   as it happens)
+> * ikiwiki.cgi sends a redirect to https://example.com/ikiwiki.cgi
+> * {1} web browser follows redirect
+> * frontend web server sees an access to https://example.com/ikiwiki.cgi
+> * frontend web server reverse-proxies it to http://127.0.0.1:8080/ikiwiki.cgi
+> * backend web server invokes ikiwiki.cgi with `HTTPS` environment variable
+>   undefined
+> * ikiwiki.cgi thinks "I'm being accessed via plain http" (this time incorrectly!)
+> * ikiwiki.cgi sends a redirect to https://example.com/ikiwiki.cgi
+> * goto {1}
+>
+> I think this redirection is better achieved via web server configuration, like
+> the Apache configuration set up by `redirect_to_https: 1` in
+> [ikiwiki-hosting](https://ikiwiki-hosting.branchable.com/).
+>
+> If you change ikiwiki's behaviour in this area, please add test-cases to
+> `t/relativity.t` to cover the cases that changed.
+>
+> --[[smcv]]

bug
diff --git a/doc/bugs/login_problem_redux.mdwn b/doc/bugs/login_problem_redux.mdwn
new file mode 100644
index 000000000..559782ec8
--- /dev/null
+++ b/doc/bugs/login_problem_redux.mdwn
@@ -0,0 +1,12 @@
+Following up on [[login_problem]], there's still some problems mixing https
+and http logins on sites that allow both and don't redirect http to https.
+
+If the user logs in on https first, their cookie is https-only. If they
+then open the http site and do something that needs them logged in, it will
+try to log them in again. But, the https-only cookie is apparently not
+replaced by the http login cookie. The login will "succeed", but the cookie
+is inaccessible over https and so they'll not be really logged in.
+
+I think that the only fix for this is make the login page redirect from
+http to https, and for it to return to the https version of the page that
+prompted the login. --[[Joey]]

open
diff --git a/doc/todo/consider_using_python3_for_rst_plugin.mdwn b/doc/todo/consider_using_python3_for_rst_plugin.mdwn
new file mode 100644
index 000000000..5135d153a
--- /dev/null
+++ b/doc/todo/consider_using_python3_for_rst_plugin.mdwn
@@ -0,0 +1,17 @@
+Python 2 is officially unsupported after 2020, which is before the expected end-of-life
+date of the next round of long-term-stable distributions like Debian 10 and Ubuntu 18.04,
+so those distributions are encouraging all software that can migrate to Python 3 to do so.
+
+The down side of this is that it would make it harder to use the `rst` plugin on
+very old OS releases, or on OSs where Python 3 is available but doesn't have a `python3`
+symbolic link (if such OSs exist - [PEP 394](https://www.python.org/dev/peps/pep-0394/)
+says they shouldn't), or in shared hosting environments where Python 2 is installed but
+Python 3 isn't. (Mitigation: switching it to `python` or `python2` is a 1-line change.)
+
+For today's upload to Debian, I switched the `#!` line in the [[plugins/rst]] plugin
+to `#!/usr/bin/python3`. In upstream ikiwiki it would probably be more appropriate
+to use `#!/usr/bin/env python3`, and it would certainly be more appropriate to do it
+by changing the source rather than by using `sed` after installation. I didn't apply that
+change upstream immediately to give other maintainers a chance to comment. Thoughts?
+
+--[[smcv]]

Reinstate links on front page, removed by spam edits
diff --git a/doc/index.mdwn b/doc/index.mdwn
index 0122e489c..e0e401656 100644
--- a/doc/index.mdwn
+++ b/doc/index.mdwn
@@ -1,3 +1,5 @@
+[[!template id=links]]
+
 Ikiwiki is a **wiki compiler**. It converts wiki pages into HTML pages
 suitable for publishing on a website. Ikiwiki stores pages and history in a
 [[revision_control_system|rcs]] such as [[Subversion|rcs/svn]] or [[rcs/Git]].

add news item for ikiwiki 3.20180105
diff --git a/doc/news/version_3.20161229.1.mdwn b/doc/news/version_3.20161229.1.mdwn
deleted file mode 100644
index a09a3b2ac..000000000
--- a/doc/news/version_3.20161229.1.mdwn
+++ /dev/null
@@ -1,5 +0,0 @@
-ikiwiki 3.20161229.1 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * git: Attribute reverts to the user doing the revert, not the wiki
-     itself.
-   * git: Do not disable the commit hook while preparing a revert."""]]
\ No newline at end of file
diff --git a/doc/news/version_3.20180105.mdwn b/doc/news/version_3.20180105.mdwn
new file mode 100644
index 000000000..2082db897
--- /dev/null
+++ b/doc/news/version_3.20180105.mdwn
@@ -0,0 +1,12 @@
+ikiwiki 3.20180105 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * emailauth: Fix cookie problem when user is on https and the cgiurl
+     uses http, by making the emailed login link use https.
+   * passwordauth: Use https for emailed password reset link when user
+     is on https.
+   * Remove openid provider icons from login selector, since openid providers
+     are increasingly not working. Verisign retired theirs, and aol and
+     yahoo/flickr are not commonly used for openid. Any users who still
+     clicked those icons to login will need to instead enter their openid url.
+   * Updated German basewiki and directives translation from
+     Sebastian Kuhnert."""]]
\ No newline at end of file

add and use cgiurl_abs_samescheme
* emailauth: Fix cookie problem when user is on https and the cgiurl
uses http, by making the emailed login link use https.
* passwordauth: Use https for emailed password reset link when user
is on https.
Not entirely happy with this approach, but I don't currently see a
better one.
I have not verified that the passwordauth change fixes any problem,
other than the user getting a http link when they were using https.
The emailauth problem is verified fixed by this commit.
This commit was sponsored by Michael Magin.
diff --git a/IkiWiki.pm b/IkiWiki.pm
index 1eda16da1..0d87242eb 100644
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -1232,6 +1232,19 @@ sub cgiurl_abs (@) {
 	URI->new_abs(cgiurl(@_), $config{cgiurl});
 }
 
+# Same as cgiurl_abs, but when the user connected using https,
+# will be a https url even if the cgiurl is normally a http url.
+#
+# This should be used for anything involving emailing a login link,
+# because a https session cookie will not be sent over http.
+sub cgiurl_abs_samescheme (@) {
+	my $u=cgiurl_abs(@_);
+	if (($ENV{HTTPS} && lc $ENV{HTTPS} ne "off")) {
+		$u=~s/^http:/https:/i;
+	}
+	return $u
+}
+
 sub baseurl (;$) {
 	my $page=shift;
 
diff --git a/IkiWiki/Plugin/emailauth.pm b/IkiWiki/Plugin/emailauth.pm
index 9c595dc86..44311400a 100644
--- a/IkiWiki/Plugin/emailauth.pm
+++ b/IkiWiki/Plugin/emailauth.pm
@@ -76,7 +76,7 @@ sub email_auth ($$$$) {
 	$template->param(
 		wikiname => $config{wikiname},
 		# Intentionally using short field names to keep link short.
-		authurl => IkiWiki::cgiurl_abs(
+		authurl => IkiWiki::cgiurl_abs_samescheme(
 			'e' => $email,
 			'v' => $token,
 		),
diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm
index 8d99cf2f6..cfa3ad418 100644
--- a/IkiWiki/Plugin/passwordauth.pm
+++ b/IkiWiki/Plugin/passwordauth.pm
@@ -358,7 +358,7 @@ sub formbuilder (@) {
 				my $template=template("passwordmail.tmpl");
 				$template->param(
 					user_name => $user_name,
-					passwordurl => IkiWiki::cgiurl_abs(
+					passwordurl => IkiWiki::cgiurl_abs_samescheme(
 						'do' => "reset",
 						'name' => $user_name,
 						'token' => $token,
diff --git a/debian/changelog b/debian/changelog
index 63e5f61d6..6cf509f9d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,9 @@
 ikiwiki (3.20171002) UNRELEASED; urgency=medium
 
+  * emailauth: Fix cookie problem when user is on https and the cgiurl
+    uses http, by making the emailed login link use https.
+  * passwordauth: Use https for emailed password reset link when user
+    is on https.
   * Updated German basewiki and directives translation from
     Sebastian Kuhnert.
 
diff --git a/doc/bugs/login_problem.mdwn b/doc/bugs/login_problem.mdwn
index 0946a238f..14e3fb325 100644
--- a/doc/bugs/login_problem.mdwn
+++ b/doc/bugs/login_problem.mdwn
@@ -18,10 +18,21 @@ firefox-esr, or chromium. --[[Joey]]
 > Ok, to reproduce the problem: Log into joeyh.name using https. The email
 > login link is a http link. The session cookie was set https-only.
 > --[[Joey]]
-
+> 
+> The reason the edit form is able to be displayed is that emailauth
+> sets up a session, in getsession(), and that $session is used for the
+> remainder of that cgi call. But, a cookie for that session is not stored
+> in the browser in this case. Ikiwiki *does* send a session cookie, but
+> the browser seems to not let an existing https-only session cookie be
+> replaced by a new session cookie that can be used with http. (If the
+> emailed link, generated on https is opened in a different browser, this
+> problem doesn't happen.) There may have been a browser behavior change
+> here?
+> 
 > So what to do about this? Sites with the problem have `redirect_to_https: 0`
-> and the cgiurl is http not https. So when emailauth generates the url,
-> it's a http url, even if the user got to that point using https.
+> and the cgiurl is http not https. So when emailauth generates the url
+> with `cgiurl_abs`, it's a http url, even if the user got to that point
+> using https.
 > 
 > I suppose that emailauth could look at `$ENV{HTTPS}` same as
 > printheader() does, to detect this case, and rewrite the cgiurl as a
@@ -31,3 +42,12 @@ firefox-esr, or chromium. --[[Joey]]
 > 
 > Of course, the easy workaround, increasingly a good idea anyway, is to
 > enable `redirect_to_https`.. --[[Joey]]
+
+> One of the users also reported a problem with password reset, and
+> indeed, passwordauth is another caller of `cgiurl_abs`. (The only other
+> caller, notifyemail, is probably fine.) The emailed password reset link
+> also should be https if the user was using https. So, let's add a
+> `cgiurl_abs_samescheme` that both can use. --[[Joey]]
+
+[[fixed|done]].. At least I hope that was the thing actually preventing most
+of the people from logging in. --[[Joey]]

how to fix?
diff --git a/doc/bugs/login_problem.mdwn b/doc/bugs/login_problem.mdwn
index b9f70d755..0946a238f 100644
--- a/doc/bugs/login_problem.mdwn
+++ b/doc/bugs/login_problem.mdwn
@@ -18,3 +18,16 @@ firefox-esr, or chromium. --[[Joey]]
 > Ok, to reproduce the problem: Log into joeyh.name using https. The email
 > login link is a http link. The session cookie was set https-only.
 > --[[Joey]]
+
+> So what to do about this? Sites with the problem have `redirect_to_https: 0`
+> and the cgiurl is http not https. So when emailauth generates the url,
+> it's a http url, even if the user got to that point using https.
+> 
+> I suppose that emailauth could look at `$ENV{HTTPS}` same as
+> printheader() does, to detect this case, and rewrite the cgiurl as a
+> https url. Or, printheader() could just not set "-secure" on the cookie,
+> but that does degrade security as MITM can then steal the cookie you're
+> using on a https site.
+> 
+> Of course, the easy workaround, increasingly a good idea anyway, is to
+> enable `redirect_to_https`.. --[[Joey]]

think I cracked it
diff --git a/doc/bugs/login_problem.mdwn b/doc/bugs/login_problem.mdwn
index 1a9e7650e..b9f70d755 100644
--- a/doc/bugs/login_problem.mdwn
+++ b/doc/bugs/login_problem.mdwn
@@ -8,8 +8,13 @@ It doesn't seem limited to any login method; email and password have both
 been said not to work. (Openid too, but could be openid provider problem
 there.)
 
-I have not managed to reproduce the problem myself. --[[Joey]]
+I have not managed to reproduce the problem myself, using firefox,
+firefox-esr, or chromium. --[[Joey]]
 
 > Otto Kekäläinen described to me a problem where email login to post a
 > comment seemed to work; it displayed the comment edit form; but posting
-> the form went back to the login page. Cookie problem? --[[Joey]]
+> the form went back to the login page. Cookie problem?
+> 
+> Ok, to reproduce the problem: Log into joeyh.name using https. The email
+> login link is a http link. The session cookie was set https-only.
+> --[[Joey]]

update
diff --git a/doc/bugs/login_problem.mdwn b/doc/bugs/login_problem.mdwn
index 374fb51dc..1a9e7650e 100644
--- a/doc/bugs/login_problem.mdwn
+++ b/doc/bugs/login_problem.mdwn
@@ -9,3 +9,7 @@ been said not to work. (Openid too, but could be openid provider problem
 there.)
 
 I have not managed to reproduce the problem myself. --[[Joey]]
+
+> Otto Kekäläinen described to me a problem where email login to post a
+> comment seemed to work; it displayed the comment edit form; but posting
+> the form went back to the login page. Cookie problem? --[[Joey]]

correction; I did not reproduce this
I was manually reloading /ikiwiki.cgi?do=login, and postsignin is not
set when that's done, which is a bug, but not the bug I was after.
diff --git a/doc/bugs/login_problem.mdwn b/doc/bugs/login_problem.mdwn
index c83cd5870..374fb51dc 100644
--- a/doc/bugs/login_problem.mdwn
+++ b/doc/bugs/login_problem.mdwn
@@ -2,30 +2,10 @@ For around 2 weeks, I've been getting an increasing quantity of nonspecific
 reports from users of login problems on ikiwiki sites, mostly joeyh.name
 and git-annex.branchable.com. A few users are still logging in
 successfully, but it seems to be hitting many users; post volume has gone
-down more than holidays would explain. --[[Joey]] 
+down more than holidays would explain.
 
 It doesn't seem limited to any login method; email and password have both
 been said not to work. (Openid too, but could be openid provider problem
 there.)
 
-After a few tries
-I seem to have reproduced the problem with email login; I ended up at a
-"Error: login failed, perhaps you need to turn on cookies?" 
-page but my browser had an ikiwiki session cookie. And,
-looking in the session database file, the cookie id was in there. Then I
-went to "/do=prefs" in the same browser, and I was actually already 
-logged in. 
-
-That points at a problem with the "postsignin" redirect;
-if the session does not get a postsignin url set, it can error out that way
-despite being logged in.
-
-Reproducing again, I posted the login form, and before clicking on the
-login link, looked at the session.db -- it contained an entry for my session,
-but without a postsignin url.
-
-	$ strings sessions.db
-	$D = {'_SESSION_ID' => 'xxx','_SESSION_REMOTE_ADDR' => 'yyy','_SESSION_ATIME' => 1515106022,'_SESSION_CTIME' => 1515105990};;$D
-
-The postsignin url is certianly getting set at other times though,
-and why would this have only recently started to affect lots of users?
+I have not managed to reproduce the problem myself. --[[Joey]]

bug report
diff --git a/doc/bugs/login_problem.mdwn b/doc/bugs/login_problem.mdwn
new file mode 100644
index 000000000..c83cd5870
--- /dev/null
+++ b/doc/bugs/login_problem.mdwn
@@ -0,0 +1,31 @@
+For around 2 weeks, I've been getting an increasing quantity of nonspecific
+reports from users of login problems on ikiwiki sites, mostly joeyh.name
+and git-annex.branchable.com. A few users are still logging in
+successfully, but it seems to be hitting many users; post volume has gone
+down more than holidays would explain. --[[Joey]] 
+
+It doesn't seem limited to any login method; email and password have both
+been said not to work. (Openid too, but could be openid provider problem
+there.)
+
+After a few tries
+I seem to have reproduced the problem with email login; I ended up at a
+"Error: login failed, perhaps you need to turn on cookies?" 
+page but my browser had an ikiwiki session cookie. And,
+looking in the session database file, the cookie id was in there. Then I
+went to "/do=prefs" in the same browser, and I was actually already 
+logged in. 
+
+That points at a problem with the "postsignin" redirect;
+if the session does not get a postsignin url set, it can error out that way
+despite being logged in.
+
+Reproducing again, I posted the login form, and before clicking on the
+login link, looked at the session.db -- it contained an entry for my session,
+but without a postsignin url.
+
+	$ strings sessions.db
+	$D = {'_SESSION_ID' => 'xxx','_SESSION_REMOTE_ADDR' => 'yyy','_SESSION_ATIME' => 1515106022,'_SESSION_CTIME' => 1515105990};;$D
+
+The postsignin url is certianly getting set at other times though,
+and why would this have only recently started to affect lots of users?

Is it still Joey's opinion that ikiwiki.info should remain using the anti-theme?
diff --git a/doc/todo/Modern_standard_layout.mdwn b/doc/todo/Modern_standard_layout.mdwn
index 37f1ee740..64399b1b2 100644
--- a/doc/todo/Modern_standard_layout.mdwn
+++ b/doc/todo/Modern_standard_layout.mdwn
@@ -37,3 +37,32 @@ I think it would be a good idea to think about the standard layout style of ikiw
 > `auto.setup` and `auto-blog.setup` could have different defaults,
 > or allow a theme to be picked as [Branchable](http://branchable.com/)
 > does. Perhaps actiontabs for auto-blog and default for wikis? --[[Joey]]
+
+----                                                                                                                   
+                                                                                                                       
+Is it still Joey's opinion that ikiwiki.info should remain using the anti-theme?                                       
+                                                                                                                       
+I'd like to make one last, clear petition to move ikiwiki.info to using the actiontabs                                 
+theme. Rationale below.                                                                                                
+                                                                                                                       
+I wanted to just ask one last time if that was still the case. I've been considering                                   
+picking back up my ikiwiki hacking efforts,  as well as thinking about my personal use                                 
+of ikiwiki, and I was privately pondering on the health of the project. IMHO, it's not                                 
+great unfortunately, and we could use more contributors. I feel that the anti-theme on                                 
+ikiwiki.info is putting off potential users and thus potential contributors. The                                       
+actiontabs theme would be a better "advert" for ikiwiki: a better demonstration of what                                
+you *could* do with it, and I think that's an important function of the site. I think                                  
+people might come across ikiwiki.info whilst looking for basic information on the project                              
+and be put off by the anti-theme.                                                                                      
+                                                                                                                       
+Honestly, I also find it hard to read information on the site due to the anti-theme (yes,                              
+the default font face and size etc. are my own brower's preferences, but I sometimes use                               
+browsers on other machines that I have not configured), including the wide (lack of)                                   
+content margins, and prefer to interact with it (generally) using local clones.                                        
+(I've just made *this* edit this way, but actually because the login process via email                                 
+seems to be broken for edit/preview workflow. I might investigate/file about that later.)                              
+                                                                                                                       
+I wonder if someone feels the same, since you defaulted to actiontabs on branchable.                                   
+                                                                                                                       
+Thanks, [[users/Jon]].  (PS: Every log in method failed for me with Firefox Quantum
+trying to post this. Untrusted git push also failed.)