[prev in list] [next in list] [prev in thread] [next in thread] 

List:       subversion-dev
Subject:    Re: svn commit: r1839039 - /subversion/site/staging/download.html
From:       Daniel Shahaf <d.s () daniel ! shahaf ! name>
Date:       2018-08-25 14:43:59
Message-ID: 1535208239.3158986.1485912280.42298EB2 () webmail ! messagingengine ! com
[Download RAW message or body]

Stefan wrote on Sat, 25 Aug 2018 15:42 +0200:
> On 25/08/2018 15:21, Daniel Shahaf wrote:
> > luke1410@apache.org wrote on Sat, 25 Aug 2018 12:48 +0000:
> > > +++ subversion/site/staging/download.html Sat Aug 25 12:48:24 2018
> > > @@ -258,7 +258,8 @@ Other mirrors:
> > > 
> > > <p>Alternatively, you can verify the checksums on the files.
> > [preëxisting issue] This sentence is misleading to people not well-versed
> > in crypto, isn't it?
> > 
> > PGP verification provides stronger assurances than a checksum
> > verification, but this sentence makes it sound like the two methods are
> > equivalent.  How about changing it to, say, ---
> > 
> > If you're unable to verify the PGP signatures, you can instead verify the \
> > checksums on the files. However, PGP signatures are superior[citation needed] to \
> > checksum, and we recommend to verify using PGP whenever possible. 
> > Where [citation needed] links to some not-too-technical explanation of the \
> > matter.
> Sounds reasonable to me. Don't hesitate to adjust. ;-)

Thanks for the review.  Added the text in r1839066 (without a citation).


[prev in list] [next in list] [prev in thread] [next in thread]