subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: svn commit: r1839039 - /subversion/site/staging/download.html
Date Sat, 25 Aug 2018 13:21:27 GMT
luke1410@apache.org wrote on Sat, 25 Aug 2018 12:48 +0000:
> +++ subversion/site/staging/download.html Sat Aug 25 12:48:24 2018
> @@ -258,7 +258,8 @@ Other mirrors:
>  
>  <p>Alternatively, you can verify the checksums on the files.

[preƫxisting issue] This sentence is misleading to people not well-versed
in crypto, isn't it?

PGP verification provides stronger assurances than a checksum
verification, but this sentence makes it sound like the two methods are
equivalent.  How about changing it to, say, ---

    If you're unable to verify the PGP signatures, you can instead verify the checksums on
the files.
    However, PGP signatures are superior[citation needed] to checksum, and we recommend to
verify using PGP whenever possible.

Where [citation needed] links to some not-too-technical explanation of the matter.

>     A unix program called <code>sha512sum</code>
> -   is included in many unix distributions.</p>
> +   is included in many unix distributions.<br />
> +   On Windows you can use the certutil command line tool, for instance.</p>

Perhaps add the specific --option flags here?  Or at least use <code/>
tags to get the monospaced font.

Cheers,

Daniel

Mime
View raw message