Hi Cody,
> I agree with you that the user should be instructed to not only download
> the Tails signing key but to import it as well.
An alternative would be to add "--auto-key-retrieve" to gpg options before
"--verify", that would (as the name implies) download the key if it's not
present locally, avoiding the entire import step.
(The key and signature can be configured to download the key from
https://boum.org, avoiding issues with keyservers).
Another suggestion may be adding "--with-fingerprint" to "--verify" and asking
the user to check if the verification prints:
> Primary key fingerprint: A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F
(Currently the guide shows an example with output that prints the subkey
fingerprint, and that may change while the primary key's fingerprint stays the
same).
Kind regards,
Wiktor
--
https://metacode.biz/@wiktor
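
The primary-key fingerprint check suggested in the message above, done on gpg's machine-readable status output instead of by eye. This is an added example, not part of the original e-mail or the Tails documentation. It assumes the VALIDSIG field layout documented in GnuPG's doc/DETAILS; the file names in the usage comment are placeholders and the sample status lines are constructed.

```shell
# Primary key fingerprint quoted in the message above, spaces removed.
EXPECTED_PRIMARY_FPR="A490D0F4D311A4153E2BB7CADBB802B258ACD84F"

# Read `gpg --status-fd 1 --verify ...` output on stdin and print the primary
# key fingerprint of the signature. Fails unless exactly one VALIDSIG is seen.
primary_fpr_from_status() {
    awk '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # $3 is the fingerprint of the key that signed (often a subkey);
            # $12, when present, is the primary key fingerprint.
            print toupper(NF >= 12 ? $12 : $3)
            found++
        }
        END { exit (found == 1 ? 0 : 1) }
    '
}

# Succeed only if the signature is valid and made under the expected primary key.
check_status() {
    fpr=$(primary_fpr_from_status) || return 1
    [ "$fpr" = "$EXPECTED_PRIMARY_FPR" ]
}

# Constructed sample status output: the subkey fingerprint (1111...), key ID and
# timestamps are made up; only the last VALIDSIG field comes from the message.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Example signer (constructed)
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2024-01-01 1704067200 0 4 0 1 10 00 A490D0F4D311A4153E2BB7CADBB802B258ACD84F'

# Constructed sample: a valid signature from an unrelated primary key (2222...).
SAMPLE_OTHER='[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG 3333333333333333333333333333333333333333 2024-01-01 1704067200 0 4 0 1 10 00 2222222222222222222222222222222222222222'

# Real use (image and signature file names are placeholders):
#   gpg --status-fd 1 --verify tails.img.sig tails.img 2>/dev/null | check_status
for s in "$SAMPLE_GOOD" "$SAMPLE_OTHER"; do
    if printf '%s\n' "$s" | check_status; then echo "primary key matches"
    else echo "REJECT: not signed under the expected primary key"; fi
done
```

Because the comparison is against the primary key fingerprint, the check keeps working when the signing subkey is rotated, and a signature that is valid but made under any other key is rejected.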