Modernise and clean up the wording of the Debian welcome message

Replace PGP/GPG with OpenPGP as that is the name of the standard.

Drop mention of telnet/rlogin as those are obsolete system access protocols.

Mention that publickey for SSH is required since passwords are insecure.

De-prioritise looking up SSH fingerprints on the web since it is tedious.

Mention that the SSH known_hosts file can be downloaded via SSH too.

Mention that the SSH fingerprints can be looked up using DNSSEC/SSHFP.

Switch from mentioning SSL to TLS since the former is obsolete and unused.

Mention that almost all debian.org servers now have TLS.

Mention that some Debian websites now have Tor Onion Services.

Mention that SFTP/rsync can also be used when uploading over SSH.

Since Salsa dropped the -guest suffix, just refer to them as guest accounts.

Mention the OFTC IRC network instead of irc.debian.org, which breaks TLS.

debian/changelog

@@ -44,6 +44,9 @@ userdir-ldap (0.3.104) UNRELEASED; urgency=medium
   * ud-replicate: add retrieval of mail-passwords file
   * ud-mailgate: handle mail-password changes
 
+  [ Paul Wise ]
+  * welcome-message-Debian: modernise and clean up the wording
+
  -- Julien Cristau <jcristau@debian.org>  Sat, 16 Apr 2022 23:56:17 +0200
 
 userdir-ldap (0.3.103) unstable; urgency=medium

templates/welcome-message-Debian

@@ -30,7 +30,7 @@ these settings.  Some may also be exposed via the web interface behind
 <URL:https://db.debian.org/login.html>.
 
 Your password to access db.debian.org can be found encrypted with your
-PGP key and appended to this message.  It cannot be used to log into
+OpenPGP key and appended to this message.  It cannot be used to log into
 our machines; see the paragraph on SSH keys below.
 
 You now have access to various project machines, for a list of them take
@@ -45,23 +45,30 @@ dependencies yourself once you instantiated a session.  Please
 consult <URL:https://dsa.debian.org/doc/schroot/> for more information
 and ask your fellow DDs if you need any help.
 
-You need to use ssh to log into the machines; telnet and rlogin are
-disabled for security reasons.  On debian.org servers the only ssh
-authentication method available is publickey.  The LDAP directory is
-able to share public ssh keys among machines, please see
-<URL:https://db.debian.org/doc-mail.html>.  Please be aware of the
+You can use ssh to log into the machines. On debian.org servers the only
+ssh authentication method available is publickey for security reasons.
+The LDAP directory is able to share public ssh keys among machines, please
+see <URL:https://db.debian.org/doc-mail.html>.  Please be aware of the
 security implications of using public-key authentication and ssh agents.
-The SSH fingerprints for all Debian machines can be looked up at
-<URL:https://db.debian.org/machines.cgi> or a known_hosts file can be
-downloaded from <URL:https://db.debian.org/debian_known_hosts>.
+The SSH fingerprints for all Debian machines can be found in a known_hosts
+that file can be downloaded from <URL:https://db.debian.org/debian_known_hosts>
+or obtained via SSH from master.debian.org:/var/lib/misc/ssh_known_hosts, or
+looked up in DNS from DNSSEC protected SSHFP records using the VerifyHostKeyDNS
+ssh option, or looked up on the web at <URL:https://db.debian.org/machines.cgi>.
 
-Debian secures some of its websites using SSL. The SSL certificates
-used are signed by Let's Encrypt certificate authority.
+Debian secures almost all of its websites using TLS. The TLS certificates
+used are signed by the Let's Encrypt certificate authority.
+
+Debian provides anonymous access to some of its websites via the Tor Network,
+using Onion Services <URL:https://community.torproject.org/onion-services/>.
+The list of available websites is on <URL:https://onion.debian.org/> and also
+<URL:http://jvgypgbnfyvfopg5msp6nwr2sl2fd6xmnguq35n7rfkw3yungjn2i4yd.onion/>.
 
 To give you a quick overview here is a list of the most important
 machines from the project you can access.  There is the main archive
-server, but shell access to it is restricted for security reasons. You
-can upload using SCP or anonymous FTP, with SCP being preferred.
+server, but shell access to it is restricted for security reasons.
+You can upload using SSH or anonymous FTP, with SSH being preferred.
+You can use the SCP, SFTP or rsync protocols when uploading over SSH.
 Please use the service name ssh.upload.debian.org (or ftp.upload)
 as the target for your uploads (so that we can point that some place
 else when the archive system is down for maintenance etc.).  A tool
@@ -74,7 +81,7 @@ machine in the directory ~/public_html/.
 
 The service hosting most of our git repositories is salsa.debian.org,
 and it is handled by a separate team that you can reach at
-salsa-admin@debian.org.  You probably already have a *-guest account
+salsa-admin@debian.org.  You probably already have a guest account
 there.  Please refer to https://wiki.debian.org/Salsa to learn anything
 you need to know, including how to activate your account.
 
@@ -130,7 +137,7 @@ We strongly suggest that you use your __LOGIN__@debian.org address for
 the maintainer field in your packages, because that one will be valid
 as long as you are a Debian developer, even if you change jobs, leave
 university or change Internet Service providers.  If you do so, please
-add that address to your PGP/GPG key(s) (using `gpg --edit-key "YOUR
+add that address to your OpenPGP key(s) (using `gpg --edit-key "YOUR
 USER ID"') and send it to the keyring server at keyring.debian.org
 with `gpg --keyserver keyring.debian.org --send-keys "YOUR USER ID"'.
 
@@ -139,7 +146,7 @@ This list is for new maintainers who seek help with initial packaging
 and other developer-related issues.  Those who prefer one-on-one help
 can also post to the list, and an experienced developer may volunteer
 to help you.  You can get online help on IRC, too, if you join the
-channel #debian-devel or #debian-mentors on irc.debian.org.  Take a look
+channel #debian-devel or #debian-mentors on the OFTC network.  Take a look
 at the support section on <URL:https://www.debian.org/> in order to find
 out more information.