On Tuesday 04 January 2011 16:22:20 Daxter wrote: > On Jan 1, 2011, at 11:57 AM, Matthew Toseland wrote: > > On Saturday 01 January 2011 17:51:41 Fabio Spelta wrote: > >> > >> Glad to know it. Where are they published? > >> I'd suggest you to publish the instructions and the links to do so right > >> into the install instructions. > > > > We do, but it's not very prominent because most users don't use it. Reread > > the download page. > > You can say that again! It's only ever mentioned in the Linux download > instructions. There's no reference to it for Mac or Windows.
Linux users are assumed to be geeks. Mac and Windows users are not. :) Ideally the Windows installer would be signed code. In fact ideally they'd all be signed - jar's can be signed too. But we'd have to buy a cert ... > The worst part about the current setup is that even if a person that's > running Windows or Mac reads the instructions word-for-word they still will > have no idea that there is anything available to ensure that the file they > want to download isn't molested. How can we expect newbies to take security > precautions when the methods aren't well-explained, and sometimes aren't > explained at all? They're using Windows. They're not geeks, they don't care about or know about such issues. Is that hopelessly patronising, or is it realistic? > > I tried it out using GnuPG (for Mac) to verify the offline installer .jar > file, but I received an error: > "Can't check signature: public key not found" So download my key, the one used to sign this email. > > The command I typed was -> gpg --verify [installer] [.sig] > > Am I doing something wrong?
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe