subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: svn commit: r1839039 - /subversion/site/staging/download.html
Date Sat, 25 Aug 2018 14:43:59 GMT
Stefan wrote on Sat, 25 Aug 2018 15:42 +0200:
> On 25/08/2018 15:21, Daniel Shahaf wrote:
> > luke1410@apache.org wrote on Sat, 25 Aug 2018 12:48 +0000:
> >> +++ subversion/site/staging/download.html Sat Aug 25 12:48:24 2018
> >> @@ -258,7 +258,8 @@ Other mirrors:
> >>  
> >>  <p>Alternatively, you can verify the checksums on the files.
> > [preƫxisting issue] This sentence is misleading to people not well-versed
> > in crypto, isn't it?
> >
> > PGP verification provides stronger assurances than a checksum
> > verification, but this sentence makes it sound like the two methods are
> > equivalent.  How about changing it to, say, ---
> >
> >     If you're unable to verify the PGP signatures, you can instead verify the checksums
on the files.
> >     However, PGP signatures are superior[citation needed] to checksum, and we recommend
to verify using PGP whenever possible.
> >
> > Where [citation needed] links to some not-too-technical explanation of the matter.
> Sounds reasonable to me. Don't hesitate to adjust. ;-)

Thanks for the review.  Added the text in r1839066 (without a citation).

Mime
View raw message