[tor-bugs] #31296 [Webpages/Support]: simplify OpenPGP signature verification instructions
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 31 13:58:02 UTC 2019
#31296: simplify OpenPGP signature verification instructions
------------------------------+----------------------
Reporter: dkg | Owner: hiro
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Webpages/Support | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+----------------------
Comment (by dkg):
One additional change that i don't know how to make is to encourage the
person reading these instructions to identify the correct version number
that they are installing. The instructions before my changes had as an
example the version number `8.0.8`. In my edits, i updated that to
`8.5.4` (more current).
I see three options to make this less tricky/confusing to a new user:
* update this page upon every release of TBB, so that the version number
in the instructions matches the version number they download at the time.
This is the simplest for the novice user who can just copy the commands
directly without having to learn exactly what they mean.
* use some sort of explicit placeholder in the text of the page, asking
the reader explicitly to interpolate (for example) `VERSION` for the
version that they downloaded. This ensures that the user actually
understands what they are doing, while making the verification break for
users who are confused.
* use some explicit variable expansion in the command-line instructions
(e.g. instructing the user to set `TOR_VERSION=8.5.4` as the first step),
and then doing shell variable expansion in the later stages (e.g.`gpgv
--keyring ./tor.keyring tor-install-${TOR_VERSION}{.asc,}`). This makes
the command line invocations look even more "magic" for users who don't
know shell, but gives them one explicit step to take to assert the version
number as part of the verification process.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31296#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list