[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9843 [Website]: Short User Manual verification section
#9843: Short User Manual verification section
-------------------------+-------------------
Reporter: Sherief | Owner: runa
Type: task | Status: new
Priority: minor | Milestone:
Component: Website | Version:
Resolution: | Keywords:
Actual Points: | Parent ID: #8779
Points: |
-------------------------+-------------------
Comment (by runa):
'''General comments''':
The manual needs to be even more user friendly. The language is very
technical and assumes a lot of things about the reader. Ideally, the
manual should give the reader all the information that she needs to fully
understand the what, the why, and the how. The manual should also make it
clear that all of our software packages are signed, it's not just the
stable Tor Browser Bundle for Windows (which you include a screenshot of).
'''Why''':
This section should be written for a more general, non-technical audience.
Not everyone will understand what an adversary is, nor feel they have
anything to worry about. What are the risks involved with not verifying a
package you download? How does the process of verifying a digital
signature improve things?
'''What''':
Again, this section needs to be written for a more general, non-technical
audience. What does verifying a signature actually mean? What is a GPG
key? Be careful with referencing specific versions of the Tor Browser
Bundle as it may confuse some readers. If you want to use a filename as an
example (in a sentence or in a command line argument), make that clear.
'''How''':
The previous section talks a lot about the stable Tor Browser Bundle for
Windows, but this section only mentions "the appropriate bundle". Be
consistent and give the user all the information necessary to successfully
follow this manual.
The process of verifying a digital signature can be confusing, especially
if you have never done it before. Try to include as much explanatory
information as possible.
This section should explain why you need to have both .exe and .asc in the
same place, it should link to the verifying-signatures-page and the
signing-keys-page we have on torproject.org, it should explain what the
user should do if keys.gnupg.net goes down, and why it is important to
verify the fingerprint of the key.
The output you illustrate in step III does not match the output you get in
the screenshot below (Figure X). It also looks like you skipped the step
of verifying the fingerprint of Erinn's key. The last sentence in step III
should probably be a part of step IV? It might be a good idea to clarify
that users who get a bad signature should not run the Tor Browser Bundle
they just downloaded.
The screenshot at the bottom (Figure X) contains a warning. What does this
mean?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9843#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs