[prev in list] [next in list] [prev in thread] [next in thread]
List: subversion-dev
Subject: Re: svn commit: r1839039 - /subversion/site/staging/download.html
From: Daniel Shahaf <d.s () daniel ! shahaf ! name>
Date: 2018-08-25 14:43:59
Message-ID: 1535208239.3158986.1485912280.42298EB2 () webmail ! messagingengine ! com
[Download RAW message or body]
Stefan wrote on Sat, 25 Aug 2018 15:42 +0200:
> On 25/08/2018 15:21, Daniel Shahaf wrote:
> > luke1410@apache.org wrote on Sat, 25 Aug 2018 12:48 +0000:
> > > +++ subversion/site/staging/download.html Sat Aug 25 12:48:24 2018
> > > @@ -258,7 +258,8 @@ Other mirrors:
> > >
> > > <p>Alternatively, you can verify the checksums on the files.
> > [preƫxisting issue] This sentence is misleading to people not well-versed
> > in crypto, isn't it?
> >
> > PGP verification provides stronger assurances than a checksum
> > verification, but this sentence makes it sound like the two methods are
> > equivalent. How about changing it to, say, ---
> >
> > If you're unable to verify the PGP signatures, you can instead verify the \
> > checksums on the files. However, PGP signatures are superior[citation needed] to \
> > checksum, and we recommend to verify using PGP whenever possible.
> > Where [citation needed] links to some not-too-technical explanation of the \
> > matter.
> Sounds reasonable to me. Don't hesitate to adjust. ;-)
Thanks for the review. Added the text in r1839066 (without a citation).
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic