subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan <luke1...@posteo.de>
Subject Re: svn commit: r1839039 - /subversion/site/staging/download.html
Date Sat, 25 Aug 2018 13:42:00 GMT
On 25/08/2018 15:21, Daniel Shahaf wrote:
> luke1410@apache.org wrote on Sat, 25 Aug 2018 12:48 +0000:
>> +++ subversion/site/staging/download.html Sat Aug 25 12:48:24 2018
>> @@ -258,7 +258,8 @@ Other mirrors:
>>  
>>  <p>Alternatively, you can verify the checksums on the files.
> [preƫxisting issue] This sentence is misleading to people not well-versed
> in crypto, isn't it?
>
> PGP verification provides stronger assurances than a checksum
> verification, but this sentence makes it sound like the two methods are
> equivalent.  How about changing it to, say, ---
>
>     If you're unable to verify the PGP signatures, you can instead verify the checksums
on the files.
>     However, PGP signatures are superior[citation needed] to checksum, and we recommend
to verify using PGP whenever possible.
>
> Where [citation needed] links to some not-too-technical explanation of the matter.
Sounds reasonable to me. Don't hesitate to adjust. ;-)

>
>>     A unix program called <code>sha512sum</code>
>> -   is included in many unix distributions.</p>
>> +   is included in many unix distributions.<br />
>> +   On Windows you can use the certutil command line tool, for instance.</p>
> Perhaps add the specific --option flags here?  Or at least use <code/>
> tags to get the monospaced font.

Added more specific usage sample for cerutils (incl. the missing
<code>-tags) in r1839052.

Regards,
Stefan


Mime
View raw message