add external references i found in my travels

c65c258e · anarcat · 48b7aa26 · c65c258e · c65c258e · c65c258e
Verified Commit c65c258e authored 4 years ago by anarcat
--- a/howto/gitlab.md
+++ b/howto/gitlab.md
@@ -1024,6 +1024,9 @@ prefered programming language:
 * [salsa](https://manpages.debian.org/buster/devscripts/salsa.1.en.html) (in [Debian devscripts](https://tracker.debian.org/pkg/devscripts)) is specifically built for
   salsa but might be coerced into talking to other GitLab servers

+GitLab upstream has a [list of third-party commandline tools](https://about.gitlab.com/partners/#cli-clients) that
+is interesting as well.
+
 ### Migration tools

 ahf implemente the gitlab using his own home-made tools that talk to

--- a/howto/puppet.md
+++ b/howto/puppet.md
@@ -1663,7 +1663,9 @@ OpenPGP verification on the control repository. If a hook checks that
 commits are signed by a trusted party, it does not matter where the
 code is hosted.

-A good reference for OpenPGP verification is [this guix article](https://guix.gnu.org/blog/2020/securing-updates/) which covers a few scenarios.
+A good reference for OpenPGP verification is [this guix article](https://guix.gnu.org/blog/2020/securing-updates/)
+which covers a few scenarios and establishes a pretty solid
+verification workflow.

 We could use the [webhook](https://github.com/voxpupuli/puppet_webhook) system to have GitLab notify the Puppet
 server to pull code.

--- a/howto/submission.md
+++ b/howto/submission.md
@@ -102,6 +102,10 @@ checklist.

 [ticket #30608]: https://bugs.torproject.org/30608

+Note: [this article](https://news.purelymail.com/posts/blog/2019-06-21-deliverability-for-the-rest-of-us.html) has a good overview of deliverability issues
+faced by autonomous providers, which we already face on eugeni, but
+might be accentuated by this project.
+
 ## Goals

 ### Must have