+@node Uploading and security
+@section Uploading and security
+
+The website is generated hourly by user @code{graham} the host
+@code{lilypond.org}. For security reasons, we do not use the
+makefiles and scripts directly from git; copies of the relevant
+scripts are examined and copied to
+@code{~graham/lilypond/trusted-scripts/}
+
+Get latest source code:
+
+@verbatim
+### update-git.sh
+#!/bin/sh
+cd $HOME/src/lilypond
+git fetch origin
+git merge origin/master
+@end verbatim
+
+Check for any updates to trusted scripts:
+
+@verbatim
+### check-git.sh
+#!/bin/sh
+GIT=$HOME/src/lilypond
+DEST=$HOME/lilypond/trusted-scripts
+diff -u $DEST/website.make $GIT/website.make
+diff -u $DEST/lilypond-texi2html.init $GIT/Documentation/lilypond-texi2html.init
+diff -u $DEST/extract_texi_filenames.py $GIT/scripts/build/extract_texi_filenames.py
+diff -u $DEST/create-version-itexi.py $GIT/scripts/build/create-version-itexi.py
+diff -u $DEST/create-weblinks-itexi.py $GIT/scripts/build/create-weblinks-itexi.py
+diff -u $DEST/mass-link.py $GIT/scripts/build/mass-link.py
+diff -u $DEST/website_post.py $GIT/scripts/build/website_post.py
+@end verbatim
+
+If the changes look ok, make them trusted:
+
+@verbatim
+### copy-from-git.sh
+#!/bin/sh
+GIT=$HOME/src/lilypond
+DEST=$HOME/lilypond/trusted-scripts
+cp $GIT/website.make $DEST/website.make
+cp $GIT/Documentation/lilypond-texi2html.init $DEST/lilypond-texi2html.init
+cp $GIT/scripts/build/extract_texi_filenames.py $DEST/extract_texi_filenames.py
+cp $GIT/scripts/build/create-version-itexi.py $DEST/create-version-itexi.py
+cp $GIT/scripts/build/create-weblinks-itexi.py $DEST/create-weblinks-itexi.py
+cp $GIT/scripts/build/mass-link.py $DEST/mass-link.py
+cp $GIT/scripts/build/website_post.py $DEST/website_post.py
+@end verbatim
+
+Build the website:
+
+@verbatim
+### make-website.sh
+#!/bin/sh
+DEST=$HOME/public_html/
+cd $HOME/src/build-website
+cp $HOME/lilypond/trusted-scripts/website.make .
+
+make -f website.make WEBSITE_ONLY_BUILD=1 website
+rsync -ra $HOME/src/build-website/out-website/website/ $DEST/website/
+cp $HOME/src/build-website/out-website/pictures $DEST
+@end verbatim
+
+Cronjob to automate the trusted portions:
+
+@verbatim
+# website-rebuild.cron
+11 * * * * $HOME/lilypond/trusted-scripts/update-git.sh >/dev/null 2>&1
+22 * * * * $HOME/lilypond/trusted-scripts/make-website.sh >/dev/null 2>&1
+@end verbatim
+
+
+To reduce the CPU burden on the shared host (as well as some
+security concerns), the @file{Documentation/pictures/} and
+@file{Documentation/web/ly-examples/} directories are @strong{not}
+compiled. If you modify any files in those directories, a user in
+the @code{lilypond} group must upload them to @file{~graham/media}
+on the host.
+
+Upload latest pictures/ and ly-examples/ (local script):
+
+@verbatim
+### upload-lily-web-media.sh
+#!/bin/sh
+BUILD_DIR=$HOME/src/build-lilypond
+
+PICS=$BUILD_DIR/Documentation/pictures/out-www/
+EXAMPLES=$BUILD_DIR/Documentation/web/ly-examples/out-www/
+
+cd $BUILD_DIR
+rsync -a $PICS graham@lilypond.org:media/pictures
+rsync -a $EXAMPLES graham@lilypond.org:ly-examples
+@end verbatim
+
+