Re: svn commit: r1839039 - /subversion/site/staging/download.html

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sat, 25 Aug 2018 13:21:27 +0000

luke1410_at_apache.org wrote on Sat, 25 Aug 2018 12:48 +0000:
> +++ subversion/site/staging/download.html Sat Aug 25 12:48:24 2018
> @@ -258,7 +258,8 @@ Other mirrors:
>
> <p>Alternatively, you can verify the checksums on the files.

[preëxisting issue] This sentence is misleading to people not well-versed
in crypto, isn't it?

PGP verification provides stronger assurances than a checksum
verification, but this sentence makes it sound like the two methods are
equivalent. How about changing it to, say, ---

If you're unable to verify the PGP signatures, you can instead verify the checksums on the files.
However, PGP signatures are superior[citation needed] to checksum, and we recommend to verify using PGP whenever possible.

Where [citation needed] links to some not-too-technical explanation of the matter.

> A unix program called <code>sha512sum</code>
> - is included in many unix distributions.</p>
> + is included in many unix distributions.<br />
> + On Windows you can use the certutil command line tool, for instance.</p>

Perhaps add the specific --option flags here? Or at least use <code/>
tags to get the monospaced font.

Cheers,

Daniel
Received on 2018-08-25 15:21:38 CEST

This message: [ Message body ]
Next message: Stefan: "Re: svn commit: r1839039 - /subversion/site/staging/download.html"
Previous message: Stefan: "Re: svn commit: r1838746 - /subversion/site/staging/download.html"
Next in thread: Stefan: "Re: svn commit: r1839039 - /subversion/site/staging/download.html"
Reply: Stefan: "Re: svn commit: r1839039 - /subversion/site/staging/download.html"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]