Hi, sajolida wrote (23 Apr 2011 13:06:34 GMT) : > So what I would propose is:
> - Rephrase the howto to talk about integrity and not authenticity. > And add another section about authenticity explaining that a > careful check through OpenPGP is the recommended way of checking > Tails authenticity (since even HTTPS can't always protect you from > MitM, blabla). > > - Improve the trust people can put on the website. That could mean > using a commercial SSL certificate and force HTTPS on it. Even > though I know that we can't be 100 % satisfied with such a > solution, allowing everybody to use mainstream HTTPS on > tails.boum.org could be a good step forward for the users who > won't go through careful OpenPGP checks. > > - Have a debate on limiting the open edition of some parts of the > website. I'm not sure how this works right now but I guess, if we > decide to improve the trust people can put on the website, we > don't want people to be able to freely edit the download page, the > OpenPGP key page or the 'Download Tails' button, etc. Full ack. Bye, -- intrigeri <intrig...@boum.org> | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | Who wants a world in which the guarantee that we shall not | die of starvation would entail the risk of dying of boredom ? _______________________________________________ tails-dev mailing list tails-dev@boum.org https://boum.org/mailman/listinfo/tails-dev