=== modified file 'README'
--- README	2008-09-04 07:44:49 +0000
+++ README	2008-09-04 12:38:35 +0000
@@ -125,7 +125,7 @@
   just as well open your servers and read the file system keys right
   off the memory by running wires to the memory bus.
   
-  What this system is designed to protect against is *not* such
-  determined, focused, and competent attacks, but against the early
-  morning knock on your door and the sudden absence of all the servers
-  in your server room.  Which it does nicely.
+  What Mandos is designed to protect against is *not* such determined,
+  focused, and competent attacks, but against the early morning knock
+  on your door and the sudden absence of all the servers in your
+  server room.  Which it does nicely.

=== modified file 'initramfs-tools-hook'
--- initramfs-tools-hook	2008-08-24 23:18:18 +0000
+++ initramfs-tools-hook	2008-09-04 12:38:35 +0000
@@ -74,7 +74,7 @@
 for file in /etc/mandos/plugins.d/*; do
     base="`basename \"$file\"`"
     case "$base" in
-	*~|.*|*.dpkg-old|*.dpkg-new|*.dpkg-divert) : ;;
+	*~|.*|\#*\#|*.dpkg-old|*.dpkg-new|*.dpkg-divert) : ;;
 	*) copy_exec "$file" "${PLUGINDIR}";;
     esac
 done
@@ -85,20 +85,13 @@
     copy_exec /usr/bin/gpg
 fi
 
-# Key files
+# Key files and config files
 for file in /etc/mandos/*; do
     if [ -d "$file" ]; then
 	continue
     fi
     cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"
 done
-# Create key ring files
-gpg --no-random-seed-file --quiet --batch --no-tty --armor \
-    --no-default-keyring --no-options --enable-dsa2 \
-    --homedir "${DESTDIR}${CONFDIR}" --no-permission-warning \
-    --trust-model always --import-options import-minimal \
-    --import "${DESTDIR}${CONFDIR}/seckey.txt"
-chown nobody "${DESTDIR}${CONFDIR}/secring.gpg"
 
 # /lib/mandos/plugin-runner will drop priviliges, but needs access to
 # its plugin directory and its config file.  However, since almost all
@@ -125,5 +118,6 @@
     chmod a+rX "${DESTDIR}$dir"
 done
 for dir in /lib /usr/lib; do
-    chmod --recursive a+rX "${DESTDIR}$dir"
+    find "${DESTDIR}$dir" \! -perm /u+rw,g+r -prune -o -print0 \
+	| xargs --null chmod a+rX
 done

=== modified file 'plugin-runner.xml'
--- plugin-runner.xml	2008-09-02 13:04:42 +0000
+++ plugin-runner.xml	2008-09-04 12:38:35 +0000
@@ -3,7 +3,7 @@
 	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "plugin-runner">
-<!ENTITY TIMESTAMP "2008-09-02">
+<!ENTITY TIMESTAMP "2008-09-04">
 ]>
 
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
@@ -140,11 +140,11 @@
     <title>DESCRIPTION</title>
     <para>
       <command>&COMMANDNAME;</command> is a program which is meant to
-      be specified as <quote>keyscript</quote> in <citerefentry>
-      <refentrytitle>crypttab</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry> for the root disk.  The
-      aim of this program is therefore to output a password, which
-      then <citerefentry><refentrytitle>cryptsetup</refentrytitle>
+      be specified as a <quote>keyscript</quote> for the root disk in
+      <citerefentry><refentrytitle>crypttab</refentrytitle>
+      <manvolnum>5</manvolnum></citerefentry>.  The aim of this
+      program is therefore to output a password, which then
+      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry> will use to unlock the
       root disk.
     </para>
@@ -428,8 +428,8 @@
       </para>
       <para>
 	The plugin must not use resources, like for instance reading
-	from the standard input, without knowing that no other plugins
-	are also using it.
+	from the standard input, without knowing that no other plugin
+	is also using it.
       </para>
       <para>
 	It is useful, but not required, for the plugin to take the