[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r1839039 - /subversion/site/staging/download.html

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sat, 25 Aug 2018 13:21:27 +0000

luke1410_at_apache.org wrote on Sat, 25 Aug 2018 12:48 +0000:
> +++ subversion/site/staging/download.html Sat Aug 25 12:48:24 2018
> @@ -258,7 +258,8 @@ Other mirrors:
> <p>Alternatively, you can verify the checksums on the files.

[preƫxisting issue] This sentence is misleading to people not well-versed
in crypto, isn't it?

PGP verification provides stronger assurances than a checksum
verification, but this sentence makes it sound like the two methods are
equivalent. How about changing it to, say, ---

    If you're unable to verify the PGP signatures, you can instead verify the checksums on the files.
    However, PGP signatures are superior[citation needed] to checksum, and we recommend to verify using PGP whenever possible.

Where [citation needed] links to some not-too-technical explanation of the matter.

> A unix program called <code>sha512sum</code>
> - is included in many unix distributions.</p>
> + is included in many unix distributions.<br />
> + On Windows you can use the certutil command line tool, for instance.</p>

Perhaps add the specific --option flags here? Or at least use <code/>
tags to get the monospaced font.


Received on 2018-08-25 15:21:38 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.