Bug #11157

Link to the detached signature of the ISO in the torrent documentation

Added by sajolida 2016-02-22 07:58:48 . Updated 2018-01-21 11:52:06 .

Status:
Rejected
Priority:
Low
Assignee:
Category:
Installation
Target version:
Start date:
2016-02-22
Due date:
% Done:

0%

Feature Branch:
Type of work:
End-user documentation
Blueprint:

Starter:
1
Affected tool:
Installation Assistant
Deliverable for:

Description

In Feature #11127 we decided to keep detached signatures of Torrent files, so we should link them from wiki/src/install/inc/steps/download.inline.html.

Subtasks

Related issues

Related to Tails - Feature #11127: Stop distributing detached signatures of Torrent files Rejected 2016-02-14
Related to Tails - Bug #11121: Adjust our release process to publish torrents for betas and RCs Resolved 2016-02-13
Has duplicate Tails - Bug #11516: OpenPGP signature for tails-i386-2.4.torrent is missing Duplicate 2016-06-07

History

#1 Updated by sajolida 2016-02-22 07:59:34

  • related to Feature #11127: Stop distributing detached signatures of Torrent files added

#2 Updated by sajolida 2016-02-25 15:35:18

  • related to Bug #11121: Adjust our release process to publish torrents for betas and RCs added

#3 Updated by sajolida 2016-04-29 09:34:31

  • Priority changed from Normal to Low

The work on this ticket should start with reverting c506c4c.

#4 Updated by sajolida 2016-06-16 09:50:31

  • has duplicate Bug #11516: OpenPGP signature for tails-i386-2.4.torrent is missing added

#5 Updated by sajolida 2016-06-16 09:51:14

  • Assignee set to sajolida
  • Priority changed from Low to Normal

#6 Updated by sajolida 2016-11-04 12:53:05

  • Assignee deleted (sajolida)
  • Priority changed from Normal to Low

I really don’t feel like doing that and it should be low prio. I really doubt that people arguing that they really want to verify the Torrent file downloaded through HTTPS from our website not to exploit a bug in their BitTorrent client do this for every single torrent they download. The cons of additional complexity for everybody really doesn’t seem to outweight the supposed benefit for a few.

#7 Updated by Anonymous 2017-06-30 13:54:57

I cant see a detached signature for the torrent file itself, only for the ISO: https://tails.boum.org/torrents/files/

#8 Updated by Anonymous 2017-06-30 13:56:22

  • Subject changed from Link to the detached signature of the Torrent file to Link to the detached signature of the ISO in the torrent documentation

#9 Updated by Anonymous 2017-06-30 13:57:01

  • Starter set to Yes

Should be quite easy to add a link to the ISO sig in the markdown file.

#10 Updated by Anonymous 2018-01-17 15:19:17

  • Description updated

Huh, the referenced file does not exist anymore, instead we talk about this file: wiki/src/install/inc/steps/download.inline.html

And we also have https://tails.boum.org/torrents/ which has the link we talk about in this ticket.

So the second page should simply be linked from the first file.

#11 Updated by sajolida 2018-01-21 11:52:06

  • Status changed from Confirmed to Rejected

The issues here is not whether it’s easy or not to add extra information to our download page. That’s easy indeed. But whether this extra information is worth is. As stated in Bug #11157#note-6, I really doubt whether the cons of additional complexity for everybody really doesn’t seem to outweight the supposed benefit for a few.

To be frank, I’m pretty much against doing this despite Feature #11127. If anyone wants to reopen this ticket, please also take into account the cost of adding one more “thing to download and do” in the download process on top of the corner case security issues raised in Feature #11127.