Merge branch 'master' into unman-patch-2-1

basics_user/doc-guidelines.md

@@ -225,26 +225,6 @@ Good general content that was submitted only to one branch would effectively dis
 For further discussion about version-specific documentation in Qubes, see [here][version-thread].
 
 
-Contribution Suggestions
-------------------------
-
- * If you find any inaccuracies in the documentation, please correct them!
-
- * If you find an inaccuracy but don't know how to correct it, you can still help
-   by documenting the inaccuracy. For example, if you have *thoroughly* tested
-   a set of steps in the documentation and know *for certain* that they no
-   longer work on a certain version of Qubes (maybe because the steps are
-   out-of-date), then please add a note to the documentation indicating this.
-   You may also wish to provide a link to a relevant thread on the [mailing
-   lists].
-
- * Where appropriate, specify the version of the software to which your
-   contribution applies. For example, if you're contributing a set of
-   instructions for doing something in dom0, specify the version(s) of Qubes OS
-   with which you know these instructions to work. This allows future readers to
-   more easily estimate the accuracy and applicability of information.
-
-
 Style Guidelines
 ----------------
 

common-tasks/full-screen-mode.md

@@ -32,16 +32,6 @@ Enabling full screen mode for select VMs
 
 If you want to enable full screen mode for select VMs, you can do that by creating the following entry in the `/etc/qubes/guid.conf` file in Dom0:
 
-**Note:** Regardless of the settings below, you can always put a window into
-fullscreen mode in Xfce4 using the trusted window manager by right-clicking on
-a window's title bar and selecting "Fullscreen". This functionality should still
-be considered safe, since a VM window still can't voluntarily enter fullscreen
-mode. The user must select this option from the trusted window manager in dom0.
-To exit fullscreen mode from here, press `alt` + `space` to bring up the title
-bar menu again, then select "Leave Fullscreen".
-
-**Note:** There should be only one `VM: {}` block in the file (or you will [get into problems](https://groups.google.com/d/msg/qubes-users/-Yf9yNvTsVI/xXsEm8y2lrYJ))
-
 ~~~
 VM: {
   personal: {
@@ -52,6 +42,8 @@ VM: {
 
 The string 'personal' above is an example only and should be replaced by the actual name of the VM for which you want to enable this functionality.
 
+**Note:** There should be only one `VM: {}` block in the file (or you will [get into problems](https://groups.google.com/d/msg/qubes-users/-Yf9yNvTsVI/xXsEm8y2lrYJ))
+
 One can also enable this functionality for all the VMs globally in the same file, by modifying the 'global' section:
 
 ~~~
@@ -66,3 +58,13 @@ global: {
 ~~~
 
 Be sure to restart the VM(s) after modifying this file, for the changes to take effect.
+
+
+**Note:** Regardless of the settings above, you can always put a window into
+fullscreen mode in Xfce4 using the trusted window manager by right-clicking on
+a window's title bar and selecting "Fullscreen". This functionality should still
+be considered safe, since a VM window still can't voluntarily enter fullscreen
+mode. The user must select this option from the trusted window manager in dom0.
+To exit fullscreen mode from here, press `alt` + `space` to bring up the title
+bar menu again, then select "Leave Fullscreen".  
+For StandaloneHVMs, you should set the screen resolution in the qube to that of the host, (or larger), *before* setting fullscreen mode in Xfce4.

security/split-gpg.md

@@ -74,14 +74,16 @@ signed before the operation gets approved. Perhaps the GPG backend domain
 could start a Disposable VM and have the to-be-signed document displayed
 there? To Be Determined.
 
-- The Split GPG client will fail to sign or encrypt if the private key in the
-GnuPG backend is protected by a passphrase, it will give a *"Inappropriate ioctl
-for device"* error. Avoid setting passphrases for the private keys in the GPG
-backend domain, it won't provide extra security anyway, as explained before. If
-you have a private key that already has a passphrase set use
-`gpg2 --edit-key {key_id}`, then `passwd` to set an empty passphrase. Be aware
-that `pinentry-ncurses` doesn't allow setting empty passphrases, so you would need
-to install `pinentry-gtk` for it to work.
+- The Split GPG client will fail to sign or encrypt if the private key in the 
+GnuPG backend is protected by a passphrase. It will give an `Inappropriate ioctl 
+for device` error. Do not set passphrases for the private keys in the GPG
+backend domain. Doing so won't provide any extra security anyway, as explained
+[above][intro] and [below][using split GPG with subkeys].  If you are generating
+a new key pair, or if you have a private key that already has a passphrase, you
+can use  `gpg2 --edit-key <key_id>` then `passwd` to set an empty passphrase.
+Note that `pinentry` might show an error when you try to set an empty
+passphrase, but it will still make the change. (See [this StackExchange
+answer][se-pinentry] for more information.)
 
 ## Configuring Split GPG ##
 
@@ -396,6 +398,8 @@ exercise caution and use your good judgment.)
 
 [#474]: https://github.com/QubesOS/qubes-issues/issues/474
 [using split GPG with subkeys]: #advanced-using-split-gpg-with-subkeys
+[intro]: #what-is-split-gpg-and-why-should-i-use-it-instead-of-the-standard-gpg
+[se-pinentry]: https://unix.stackexchange.com/a/379373
 [​subkeys]: https://wiki.debian.org/Subkeys
 [copied]: /doc/copying-files#on-inter-qube-file-copy-security
 [pasted]: /doc/copy-paste#on-copypaste-security