Hi,
sajolida wrote (23 Apr 2011 13:06:34 GMT) :
> So what I would propose is:
> - Rephrase the howto to talk about integrity and not authenticity.
> And add another section about authenticity explaining that a
> careful check through OpenPGP is the recommended way of checking
> Tails authenticity (since even HTTPS can't always protect you from
> MitM, blabla).
>
> - Improve the trust people can put on the website. That could mean
> using a commercial SSL certificate and force HTTPS on it. Even
> though I know that we can't be 100 % satisfied with such a
> solution, allowing everybody to use mainstream HTTPS on
> tails.boum.org could be a good step forward for the users who
> won't go through careful OpenPGP checks.
>
> - Have a debate on limiting the open edition of some parts of the
> website. I'm not sure how this works right now but I guess, if we
> decide to improve the trust people can put on the website, we
> don't want people to be able to freely edit the download page, the
> OpenPGP key page or the 'Download Tails' button, etc.
Full ack.
Bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Who wants a world in which the guarantee that we shall not
| die of starvation would entail the risk of dying of boredom ?
