Re: [Tails-dev] [T(A)ILS-dev] doc: verify the iso image

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] [T(A)ILS-dev] doc: verify the iso image
Hi,

sajolida wrote (14 May 2011 20:27:42 GMT) :
> I had a look at possible GnuPG options for Windows user. The one
> recommended by gnupg.org is Gpg4win. It doesn't work under Wine so I
> couldn't test it so far. But for sure, it doesn't have a valid
> mainstream HTTPS certificate ;) We could decide to mirror a
> « trusted » version of it but I fear we don't feel like doing so.


Ok.

> I agree with that. The GnuPG option seems similarly easy for Linux/Gnome
> users. So we could do instead:


> - Using our OpenPGP key with Gnome (recommended, Linux: Tails, Ubuntu,
> Debian, Fedora, etc.)
> That would be the Seahorse + Nautilus right-click technique


> - Using Firefox (easy, Windows & MAC)
> That would be the fail-over SHA-256 technique for Windows users


> - Using our OpenPGP key without Gnome (advanced, Linux)
> Same as the actual one


> If we go for that, we would still need to add the SHA-256 sum on the
> download page but we could remove the .iso.sha256 file from the
> torrent and mirror servers.


Ack, sounds great. Make sure you adapt the release_process page
accordingly when you implement this on the download page.

>> => I'm rather in favour of removing the SHA-256 method.


> It would be half-removed then ;)


Right :)

Bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Do not be trapped by the need to achieve anything.
| This way, you achieve everything.