Hi,
sajolida wrote (22 Apr 2011 15:22:01 GMT) :
> I changed that and put every different warning section as h1.
Well, actually you didn't:
'====' <=> '# ' <=> 1st level
'----' <=> '## ' <=> 2nd level
I've fixed this.
> There seems to be no clear preference on the wiki source between
> using '-----'-style of '#'-style headers, Right?
Right.
I'm not convinced by commit 63259418 ("SHA256 checking howto")'s
current effects. As currently phrased in doc-rework, the download page
puts SHA-256 checksum checking at exactly same level as OpenPGP
signature verification. Since the SHA-256 checksum file is likely to
be fetched from the very same source as the ISO image, it feels wrong
to me.
This section's introduction reads "It is important to check the
integrity of the ISO image you downloaded to make sure that it is
genuine and that the download went well"."
While we can put at the same level:
a. Checking the SHA-256 checksum
b. Checking the OpenPGP signature is *a* valid one (without more key
or owner trust verification)
=> both make sure the downloaded ISO file is the one the *server*
wanted us to get. This allows making sure the download went
well, but *not* that the downloaded image is genuine.
... IMHO it's very different to check the OpenPGP signature is valid
*and* produced by the Tails developers private OpenPGP signing key.
This is the only way to check the downloaded image is genuine.
On the other hand, I see how hard it is to make this difference clear
in documentation intented for a wide audience, without writing too
much text nobody will read :/
What do you and others think?
Other than that, I'm fine and happy with every recent change to
doc-rework :)
Bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Did you exchange a walk on part in the war
| for a lead role in the cage?
