Opened 4 years ago

Last modified 7 weeks ago

#17425 assigned defect

Improve GetTor Signature Section

Reported by: sukhbir Owned by:
Priority: Medium Milestone:
Component: Applications/GetTor Version:
Severity: Normal Keywords: gettor-roadmap, ex-sponsor-19, ex-sponsor19
Cc: mrphs, ilv, cohosh Actual Points:
Parent ID: #9036 Points:
Reviewer: Sponsor:

Description

The current GetTor reply we decided earlier was (and which is currently deployed):

SHA256 of Tor Browser 32/64-bit (advanced): 443b38f4aa1194125ca3c79157272d5c64006928c9128127788c1cdefa642d85
Fingerprint of key used to sign Tor Browser (advanced): 8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659

We can do better. If you see ticket:9036#comment:16, we will be introducing a new section on signatures and verification of the bundles. This is tricky since on one hand we want users to verify the bundles they downloaded, but on the other, it's not always easy to do so. This ticket will focus on what the text should look like and how we should ensure that users are easily able to verify the bundles.

(It's easier said than done and it's not like we are the first ones trying to solve this problem but we should focus on it from GetTor's context to narrow it down.)

Child Tickets

Change History (7)

comment:1 Changed 4 years ago by ilv

I think the signatures section in the body message should have the minimum information needed to check the integrity of the files, otherwise the message will be TLDR. For the purpose of teaching end users how to do that, I think the best option would be to attach one or two guides. I wrote a proposal for verifying signatures here. What do you think of this idea?

comment:2 Changed 4 years ago by sukhbir

I agree that the main body should have very little information. Though we want that people should verify the bundles, we realize that this easier said than done.

I guess your idea about the guide is probably the best way to go forward. We should work on improving it's text.

Version 0, edited 4 years ago by sukhbir (next)

comment:3 in reply to:  2 Changed 4 years ago by ilv

Replying to sukhbir:

I guess your idea about the guide is probably the best way to go forward. We should work on improving its text.

Yes, and as you know, English is not my mother tongue, so some sentences might not sound natural to common people. In the dev meeting someone advised me that all gettor messages should be reviewed by a native English speaker :)

comment:4 Changed 8 months ago by gaba

Keywords: gettor-roadmap added
Owner: ilv deleted
Sponsor: Sponsor19
Status: newassigned

comment:5 Changed 6 months ago by gaba

Keywords: ex-sponsor-19 added

Adding the keyword to mark everything that didn't fit into the time for sponsor 19.

comment:6 Changed 6 months ago by gaba

Keywords: ex-sponsor19 added
Sponsor: Sponsor19

Remove sponsor 19 and add a keyword ex-sponsor19 to mark all the tickets that could have been in the scope of the sponsor.

comment:7 Changed 7 weeks ago by cohosh

Cc: cohosh added

cc'ing cohosh on open GetTor tickets.

Note: See TracTickets for help on using tickets.