luke1...@apache.org wrote on Sat, 25 Aug 2018 12:48 +0000:
> +++ subversion/site/staging/download.html Sat Aug 25 12:48:24 2018
> @@ -258,7 +258,8 @@ Other mirrors:
>  
>  <p>Alternatively, you can verify the checksums on the files.

[preëxisting issue] This sentence is misleading to people not well-versed
in crypto, isn't it?

PGP verification provides stronger assurances than a checksum
verification, but this sentence makes it sound like the two methods are
equivalent.  How about changing it to, say, ---

    If you're unable to verify the PGP signatures, you can instead verify the
    checksums on the files.
    However, PGP signatures are superior[citation needed] to checksum, and we
    recommend to verify using PGP whenever possible.

Where [citation needed] links to some not-too-technical explanation of the
matter.

>     A unix program called <code>sha512sum</code>
> -   is included in many unix distributions.</p>
> +   is included in many unix distributions.<br />
> +   On Windows you can use the certutil command line tool, for instance.</p>
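
Review bot: the added Windows line names certutil in plain text and leaves the hash algorithm unstated, while the Unix line just above marks up sha512sum with <code> and implies SHA-512 by its name. Wrap the tool name in <code> and spell out an invocation that selects SHA-512 (for example certutil -hashfile FILE SHA512), so the digest a Windows reader computes is comparable to the published checksum. The <br /> inside the paragraph could also become a separate sentence or list item, to keep the two platforms visually parallel.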

Perhaps add the specific --option flags here?  Or at least use <code/>
tags to get the monospaced font.

Cheers,

Daniel
