restructure verification page (#3893, #17413) #31
Conversation
traumschule
force-pushed
the
verification
branch
from
a2ab6fb
to
b77b1d9
Compare
docs/en/verifying-signatures.wml
Outdated
|
|
||
| <p>The next step is to use GnuPG to import the key that signed | ||
| your package. The Tor Browser team signs Tor Browser releases. Import its | ||
| key (0x4E2C6E8793298290) by starting the terminal under "Applications" |
There was a problem hiding this comment.
Terminal.app is in Applications/Utilities on macOS
docs/en/verifying-signatures.wml
Outdated
| <h3>Import OpenPGP key on Linux</h3> | ||
| <p> | ||
| You need to have GnuPG installed before you can verify | ||
| signatures. It's probably GnuPG is alreadyy installed on your |
docs/en/verifying-signatures.wml
Outdated
| Key fingerprint = A430 0A6B C93C 0877 A445 1486 D148 3FA6 C3C0 7136 | ||
| sub rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12] | ||
| Key fingerprint = 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2 | ||
| gpg: assuming signed data in 'tor-browser-osx64-<version-torbrowserbundleosx64>_en-US.tar.xz' |
There was a problem hiding this comment.
thanks for catching this!
docs/en/verifying-signatures.wml
Outdated
| @@ -210,113 +391,250 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 | |||
| exchange key fingerprints. | |||
There was a problem hiding this comment.
For most of our users, international travel is really not the best method. We need to provide a better explanation here.
There was a problem hiding this comment.
Good point, changing to "As international travel to meet the developer might be
unfeasable you are left with trusting other people who signed this key."
docs/en/verifying-signatures.wml
Outdated
| </label> | ||
| <article> | ||
| <p> | ||
| Note: This process does not work on OS X yet due to Apple's codesigning requirement. |
There was a problem hiding this comment.
Please consistently use "macOS" throughout the document
docs/en/verifying-signatures.wml
Outdated
| <input id="ac-4-1" name="accordion-4" type="radio" checked /> | ||
| <article class="ac-os"> | ||
| <!--<pre id="ttb-key"> | ||
| > gpg.exe --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290 |
There was a problem hiding this comment.
These instructions duplicate earlier instructions, but they're also slightly different. Is there a better way?
There was a problem hiding this comment.
This is commented because I assume at this point it is ok, to tell users reproduce above step to import the key by just telling the key id. I see no better option at the moment.
There was a problem hiding this comment.
You should feel free to delete obsolete instructions.
We can always get them back out of git.
docs/en/verifying-signatures.wml
Outdated
| to the developer. The best method is to meet the developer in person and | ||
| exchange key fingerprints. | ||
| to the developer. As international travel to meet the developer might be | ||
| unfeasable you are left with trusting other people who signed this key. |
There was a problem hiding this comment.
This explanation raises security concerns, but it doesn't tell people what they should do.
If you can't give people a useful action to take to improve their security, please just tell them to ignore the warning.
One useful action might be: "use another device or another internet connection to check the key fingerprints listed on the tor website at ..."
docs/en/verifying-signatures.wml
Outdated
| @@ -507,7 +516,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 | |||
| <!-- Mac OS --><!-- | |||
| <div> | |||
| <article class="ac-os"> | |||
| This process does not work on OS X yet due to Apple's codesigning requirement. | |||
| This process does not work on macOS yet due to Apple's codesigning requirement. | |||
There was a problem hiding this comment.
Please consistently use "OS X", "macOS", or "Mac OS X" throughout the document.
You could choose "macOS", because that's what Apple calls it now. Or you could match the Tor download page.
docs/en/verifying-signatures.wml
Outdated
| <input id="ac-4-1" name="accordion-4" type="radio" checked /> | ||
| <article class="ac-os"> | ||
| <!--<pre id="ttb-key"> | ||
| > gpg.exe --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290 |
There was a problem hiding this comment.
You should feel free to delete obsolete instructions.
We can always get them back out of git.
docs/en/verifying-signatures.wml
Outdated
| <div> | ||
| <input id="ac-4-3" name="accordion-4" type="radio" /> | ||
| <article class="ac-os ac-4-3"> | ||
| <!--<pre id="ttb-key"> |
There was a problem hiding this comment.
You should feel free to delete obsolete instructions.
We can always get them back out of git.
traumschule
changed the title
|
Hey, could you just resolve conflicts before I merge this? |
traumschule
force-pushed
the
verification
branch
from
229ac12
to
ec59f0b
Compare
|
rebased. @teor2345 sorry, lost your comments through
Maybe that's ok because we (hopefully) soon have are shorter version in the tb-manual: |
traumschule
force-pushed
the
verification
branch
2 times, most recently
from
eb87916
to
3ed3936
Compare
traumschule
force-pushed
the
verification
branch
from
3ed3936
to
57d6d3e
Compare
|
squashed commits to |
traumschule
force-pushed
the
verification
branch
from
57d6d3e
to
411fa77
Compare
- add TOC - only show instructions for selected OS - improve usability of MacOS installation process (#17413) - Add instructions how to verify signatures on Android (#27514)
traumschule
force-pushed
the
verification
branch
from
411fa77
to
180b8f1
Compare
|
updated css. |
http://ea5faa5po25cf7fb.onion/projects/tor/ticket/3893
Each section will have OS specific instructions. When all sections are collapsed at the beginning and users only open what they are interested in, my hope is the page will be much less confusing.
According to browser support for CSS3 properties the used transition feature is not supported by browsers older than: IE 10, FF 16, Chrome 26, Safari 6.1 and Opera 12.1