Stefan wrote on Sat, 25 Aug 2018 15:42 +0200:
> On 25/08/2018 15:21, Daniel Shahaf wrote:
> > luke1410_at_apache.org wrote on Sat, 25 Aug 2018 12:48 +0000:
> >> +++ subversion/site/staging/download.html Sat Aug 25 12:48:24 2018
> >> @@ -258,7 +258,8 @@ Other mirrors:
> >>
> >> <p>Alternatively, you can verify the checksums on the files.
> > [preƫxisting issue] This sentence is misleading to people not well-versed
> > in crypto, isn't it?
> >
> > PGP verification provides stronger assurances than a checksum
> > verification, but this sentence makes it sound like the two methods are
> > equivalent. How about changing it to, say, ---
> >
> > If you're unable to verify the PGP signatures, you can instead verify the checksums on the files.
> > However, PGP signatures are superior[citation needed] to checksum, and we recommend to verify using PGP whenever possible.
> >
> > Where [citation needed] links to some not-too-technical explanation of the matter.
> Sounds reasonable to me. Don't hesitate to adjust. ;-)
Thanks for the review. Added the text in r1839066 (without a citation).
Received on 2018-08-25 16:44:13 CEST