On 25/08/2018 15:21, Daniel Shahaf wrote:
> luke1410_at_apache.org wrote on Sat, 25 Aug 2018 12:48 +0000:
>> +++ subversion/site/staging/download.html Sat Aug 25 12:48:24 2018
>> @@ -258,7 +258,8 @@ Other mirrors:
>>
>> <p>Alternatively, you can verify the checksums on the files.
> [preƫxisting issue] This sentence is misleading to people not well-versed
> in crypto, isn't it?
>
> PGP verification provides stronger assurances than a checksum
> verification, but this sentence makes it sound like the two methods are
> equivalent. How about changing it to, say, ---
>
> If you're unable to verify the PGP signatures, you can instead verify the checksums on the files.
> However, PGP signatures are superior[citation needed] to checksum, and we recommend to verify using PGP whenever possible.
>
> Where [citation needed] links to some not-too-technical explanation of the matter.
Sounds reasonable to me. Don't hesitate to adjust. ;-)
>
>> A unix program called <code>sha512sum</code>
>> - is included in many unix distributions.</p>
>> + is included in many unix distributions.<br />
>> + On Windows you can use the certutil command line tool, for instance.</p>
> Perhaps add the specific --option flags here? Or at least use <code/>
> tags to get the monospaced font.
Added more specific usage sample for cerutils (incl. the missing
<code>-tags) in r1839052.
Regards,
Stefan
Received on 2018-08-25 15:42:10 CEST