[gimp-web] devel-docs: written mirror procedure update.

[Jehan <jehanp src gnome org>]

commit f27ec7e0f49767f2b1f300c04b5a9cd7af8f8a56
Author: Jehan <jehan girinstud io>
Date:   Wed Oct 6 00:40:34 2021 +0200

    devel-docs: written mirror procedure update.

 devel-docs/mirror-howto.md | 44 +++++++++++++++++++++++++-------------------
 1 file changed, 25 insertions(+), 19 deletions(-)
---
diff --git a/devel-docs/mirror-howto.md b/devel-docs/mirror-howto.md
index 27278a4d..20a7e637 100644
--- a/devel-docs/mirror-howto.md
+++ b/devel-docs/mirror-howto.md
@@ -10,14 +10,15 @@ rules](https://gitlab.gnome.org/Infrastructure/puppet/-/blob/0df77787596314f41de
 which will redirect `download.gimp.org/mirror/*` URLs to the same file
 at a random mirror from the list.
 
-The list of mirrors in rotation is found at: /etc/httpd/download.gimp.org.map
+The list of mirrors in rotation is found at: `/etc/httpd/download.gimp.org.map`
 
 Each file from this list should have associated rsync credentials
 (though some may not have any yet, if they were created from older
-process time):
+process time; when this is the case, the mirror administrators should be
+contacted for proper re-configuration of their servers):
 
-* rsync credentials are set in: /etc/rsyncd/secrets
-* the login part of the credential must also be copied in: /etc/rsyncd.conf
+* rsync credentials are set in: `/etc/rsyncd/secrets`
+* the login part of the credential must also be copied in: `/etc/rsyncd.conf`
 
 The login must be in both files, otherwise syncing will not work.
 
@@ -50,7 +51,7 @@ instance @Jehan can take care of part of the actions:
    * if the mirror and claimed organization are different domain names,
      verify they are the really linked (through `whois` or other means)
 2. Verify that the `https` URL has no major issue (our redirect happens
-   in https)
+   in https-only so a working https URL is mandatory)
 3. If 1. and 2. are fine, generate an user and a password (e.g. with
    `pwgen`) and add them to `/etc/rsyncd/secrets` in
    `download.gimp.org`. This is done by directly editing the file.
@@ -62,11 +63,13 @@ instance @Jehan can take care of part of the actions:
    by creating a Merge Request to
    [Infrastructure/puppet](https://gitlab.gnome.org/Infrastructure/puppet)
    (not editing it directly on the server, unlike 3.).
-5. Then once the MR is merged, send an email to the mirror admin (email
-   given in their report) asking them for their public GPG key.
-6. When they return their key, send the rsync credentials, encrypted with
-   this key, by email, and ask them to notify when the mirror is
-   properly set-up and synced. Wait for their answer.
+5. Then once the MR is merged, ask the mirror admin for their public GPG
+   key.
+6. When they return their key, send the rsync credentials, encrypted
+   with this key, then signed by yours (which should be on a public key
+   server for non-tampering verification) by email, and ask them to
+   notify when the mirror is properly set-up and synced. Wait for their
+   answer.
 7. Once they notify you that the sync is complete, land the mirror on
    the map file by editing `/etc/httpd/download.gimp.org.map` directly
    on the server.
@@ -81,9 +84,9 @@ instance @Jehan can take care of part of the actions:
 10. The script will update `tools/downloads/downloads.http.txt`
    automatically and should tell you that
    `content/downloads/mirrors.json` has to be updated too. Do so by
-   giving the public name of the mirror organization, link, location and
-   other data. In "more", also add the report link.
-   If other data needs to be updated, do so as well (for instance if
+   writing the public name of the mirror organization, link, location
+   and other data. In "more", also add the report link for reference.
+   If other data need to be updated, do so as well (for instance if
    other mirrors changed).
 11. Run again:
 
@@ -92,14 +95,15 @@ instance @Jehan can take care of part of the actions:
    ```
    This time, it should tell you everything is fine.
 12. Verify all mirrors (especially new ones) are well synced at least
-    for the last release:
-    ```sh
-    tools/downloads/gimp-check-mirrors.py
-    ```
+   for the last release:
+
+   ```sh
+   tools/downloads/gimp-check-mirrors.py
+   ```
 13. Commit all the changes and push them to `gimp-web`'s `testing`
-    branch.
+   branch.
 14. After a short time, make sure that testing's [sponsor 
page](https://testing.gimp.org/donating/sponsors.html)
-    is properly updated.
+   is properly updated.
 
 Of course, the public website will be updated when you merge `testing`
 into `master` branch which does not have to happen immediately.
@@ -129,6 +133,8 @@ If you want to check a specific file, add it (or them) to the command
 line. If you set `--verify-checksum` option, then it will also check
 data integrity.
 
+This check is also run automatically and regularly by Gitlab CI.
+
 ## Future
 
 Some work is being done to move to a MirrorBits infrastructure which