Feature #14630
Adjust installation instructions to Tails Verification
0%
Description
Our current design proposal implies splitting at least the download in a dedicated step.
Files
Subtasks
History
#1 Updated by sajolida 2017-09-13 07:23:59
- related to
Feature #14628: Migrate Firefox extension to Web Extensions added
#2 Updated by sajolida 2017-09-13 07:24:03
- related to deleted (
)Feature #14628: Migrate Firefox extension to Web Extensions
#3 Updated by sajolida 2017-09-13 07:24:13
- blocked by
Feature #14628: Migrate Firefox extension to Web Extensions added
#4 Updated by sajolida 2017-09-13 07:24:32
- blocked by
Feature #14629: Tails Verification for Google Chrome added
#5 Updated by sajolida 2017-11-04 16:22:57
- Assignee changed from sajolida to cbrownstein
- QA Check set to Ready for QA
- Feature Branch set to web/14630-adjust-to-new-verification-extension
I have something!
In the branch you’ll find an update of the Installation Assistant to replace DAVE with the new download page and verification extension. I also did some other improvements on the Installation Assistant while I was at it.
I still have to:
- Fix and improve the design of the download page. Right now it’s pretty ugly and the Next buttons are partly broken. Please don’t review that part because it’s not done :) →
Bug #14912. - Do some other adjustements to the structure of the Installation Assistant →
Feature #11493+Feature #14922.
#6 Updated by cbrownstein 2017-11-07 03:53:39
- Assignee changed from cbrownstein to sajolida
- QA Check changed from Ready for QA to Info Needed
Line 142 of wiki/src/install/inc/steps/download.inline.html
<a>What is BitTorrent?</a>
I believe that’s supposed to be a link but to what page I couldn’t figure out. I can write something if needed.
#7 Updated by cbrownstein 2017-11-07 08:45:10
I believe the following issue is unrelated to this ticket, but I noticed it while reviewing: /lib/js/mirror-dispatcher.js
is being sourced but is nonexistent. It appears to be brought in by wiki/src/templates/page.tmpl
at line 26.
#8 Updated by sajolida 2017-11-08 18:33:45
- Assignee changed from sajolida to cbrownstein
- QA Check changed from Info Needed to Ready for QA
“What is BitTorrent” missing: Oops! I have something written for that already but forgot to code it. That’s exactly the kind of silly mistakes that I need you to spot!
mirror-dispatcher.js: I’m actually not even sure myself how it’s included on the website but the code live in a different Git repo and it well served by boum.org, so that shouldn’t be a problem: https://tails.boum.org/lib/js/mirror-dispatcher.js. Now, I’m not sure I added the CSS class required for the mirror-dispatcher to be triggered.
I’ll work on both issues tomorrow!
Anything else from your review?
#9 Updated by sajolida 2017-11-09 18:12:51
- Subject changed from Adjust installation instructions to DAVE 2 to Adjust installation instructions to Tails Verification
- Assignee changed from cbrownstein to sajolida
- QA Check changed from Ready for QA to Dev Needed
I’m realising lately that it’s a mess to develop and debug the new download page from that branch since I can’t make the extension work on a local build of the website. So hold on: I’ll rewrite the history of that branch to move out the development of the download page itself to Bug #14627 and the CSS polishing to Feature #14921.
I’ll tell you once the new Git history is ready.
#10 Updated by sajolida 2017-11-09 19:04:14
- Assignee changed from sajolida to cbrownstein
- QA Check changed from Dev Needed to Ready for QA
I’m done rewriting the history of this branch. It was easier than I thought (happy I did small commits in the first place!). I only removed the renaming of download_2.inline.html into download.inline.html (so I can continue merging master into this branch as I work on the download page in master) and moved a few commits to master. But the content is exactly the same and you don’t have to review again what you already looked at.
I did a git push --force
so be careful what you fetch it. If you didn’t add any commits locally on it you can do, from your local branch, git fetch
and then git reset --hard origin/web/14630-adjust-to-new-verification-extension
.
So now I’ll keep on doing all the changes to the download page on Bug #14627 so it can be working and good looking on the production website and I’ll keep this branch for the integration work.
I might continuously add commits to it until Monday but what’s there shouldn’t change anymore.
#11 Updated by cbrownstein 2017-11-10 03:54:35
- Assignee changed from cbrownstein to sajolida
- QA Check changed from Ready for QA to Pass
Looks good to me!
#12 Updated by sajolida 2017-11-10 18:36:55
Pending issues:
- Integrate the mirror pool
- Add missing BitTorrent explanation
- Add missing download links
#13 Updated by sajolida 2017-11-11 17:13:57
- QA Check changed from Pass to Dev Needed
Solved on Feature #14630 but I still need to do more work on the integration of the OpenPGP instructions :(
#14 Updated by sajolida 2017-11-14 13:20:47
- Target version changed from Tails_3.3 to Tails_3.5
#15 Updated by sajolida 2017-11-16 20:33:36
- Assignee changed from sajolida to cbrownstein
- QA Check changed from Dev Needed to Ready for QA
I think I’m done with this integration branch now. See the work I pushed on this branch since you last reviewed it.
#16 Updated by cbrownstein 2017-11-17 01:50:14
- File Screenshot from 2017-11-16 17-34-27.png added
- Assignee changed from cbrownstein to sajolida
- QA Check deleted (
Ready for QA)
I’m still reviewing but I immediately noticed this formatting error.
#17 Updated by cbrownstein 2017-11-17 02:44:37
> Verifying using OpenPGP but without authenticating our signing key through the OpenPGP Web of Trust is equivalent in terms of security to verifying using our browser extension or BitTorrent because it relies on downloading a genuine signing key from our website.
I’m going to try to clean that up. That’s a lot of words in one sentence.
> Authenticating our signing key through the OpenPGP Web of Trust is the only verification technique that can protect you in case our website is compromised. It is also the most complicated technique and might not be possible for everyone to perform because it relies on trust relationships between individuals.
These sentences seem to suggest that authenticating the Tails signing key is a verification technique, which it isn’t. I propose to rewrite these sentences as follows: “Authenticating our signing key through the OpenPGP Web of Trust is the only way you can be protected in case our website is compromised. However, it is complicated to do this and it might not be possible for everyone because it relies on trust relationships between individuals.”
I’m maintaining a branch here:
https://github.com/cbrownstein/tails/tree/web/14630-adjust-to-new-verification-extension
#18 Updated by sajolida 2017-11-17 15:23:27
- Assignee changed from sajolida to cbrownstein
- QA Check set to Ready for QA
Thanks for all these little fixes!
During your review did you find any mistake on the ikiwiki code itself, like broken links, broken HTML, references from other pages that I might have missed, etc?
Because I’d like first to make sure that this branch is not breaking anything elsewhere and is in a good shape to replace the current instructions.
After the initial release we can continue to polish the language. I wanted to clarify these priorities with you yesterday before asking for my review but I forgot, sorry! :/
I’ll fix “Screenshot from 2017-11-16 17-34-27.png” in Feature #14921.
#19 Updated by sajolida 2017-11-17 15:34:24
Ah, and I also removed 8da9a5a4c1 from my branch and then only cherry-picked your 3 commits on top. I wanted to keep 8da9a5a4c1 as the very last commit before the release and I shouldn’t have pushed it to the main repo yesterday. Sorry about that!
This means that I will do a push --force
and that you’ll have to be careful when fetching my changes. Maybe do git fetch
and the git reset --hard origin/web/14630-adjust-to-new-verification-extension
but make sure that you don’t have any local changes that you didn’t push yet (if you have some just push your branch as usual and I’ll deal with the mess).
#20 Updated by cbrownstein 2017-11-17 18:51:11
- Assignee changed from cbrownstein to sajolida
- QA Check changed from Ready for QA to Pass
Looks good!
#21 Updated by spriver 2017-11-19 18:14:31
My reviewing and remarks (beside the already awesome work done (: ), based on web/14630-adjust-to-new-verification-extension, which differs a bit from https://tails.boum.org/install/download_2:
Direct download
- the sentence “I already downloaded Tails 3.3 .” looks a bit weird to me because of the period at the end (which implies that there might be a following sentence. Perhaps it’s a bit more weird looking for me because of the whitespace before the period at the end). Maybe that’s some weird nitpicking (:
BitTorrent download:
- we actually don’t tell users what to do with the BitTorrent file. We explain what BitTorrent and it’s client are but neither direct users to open the .torrent file, nor what the content of the torrent archive actually is (maybe the last point I mentioned is not necessary as the only needed file is the .iso. But at least we’re not explaining that the downloaded torrent folder is containing the .iso file which is later needed for installation/upgrading/whatever)
Verifying with OpenPGP:
- we don’t tell users that the necessary tools (GPG4Win/GPGTools) have to be installed first. Maybe this explanation is not needed, as verifying via OpenPGP is for more skilled persons (perhaps we should mark it then as a verification method for skilled users who understand what a OpenPGP signature, etc. is).
- the whole section “Verify using OpenPGP (optional)” looks a bit “huge” and important (in comparison to the " Download and verify" section). It’s only optional so it maybe should be grayed out in a way similar to the upper sections
- the screenshot
verifying_in_tails.png
does not comply with our screenshot guidelines (https://tails.boum.org/contribute/how/documentation/guidelines/#index5h1).
I checked links, etc. which are fine for me, I could not find anything suspicious. Translations are also fine, also translating the newly added content (tried with strings in several places). There might be some inline translation errors due to the known ikiwiki bug, but let’s see, I did not try a whole translation of the page as I don’t have one so far.
#22 Updated by sajolida 2017-11-26 18:54:19
> * the sentence “I already downloaded Tails 3.3 .” looks a bit weird to me because of the period at the end (which implies that there might be a following sentence. Perhaps it’s a bit more weird looking for me because of the whitespace before the period at the end). Maybe that’s some weird nitpicking (:
Cody also said that to me. Sorry! My rationale here is that it deserve a
period because it’s a full sentence, with a subject, a verb and all.
The other bits of text on the page are either heading or button labels
without being full sentences.
See for example the homepage of Facebook (https://www.facebook.com/).
They write:
- Create Account: not a complete sentence, button label → no period.
- Create a Page for a celebrity, band or business.: complete sentence,
not a button label → period.
> BitTorrent download:
> * we actually don’t tell users what to do with the BitTorrent file. We explain what BitTorrent and it’s client are but neither direct users to open the .torrent file, nor what the content of the torrent archive actually is (maybe the last point I mentioned is not necessary as the only needed file is the .iso. But at least we’re not explaining that the downloaded torrent folder is containing the .iso file which is later needed for installation/upgrading/whatever)
I’m not super convinced but I added a note in f390c808a8. I’m putting
this in the branch for Feature #14921 so that Cody has only one branch to review
from now on.
> Verifying with OpenPGP:
> * we don’t tell users that the necessary tools (GPG4Win/GPGTools) have to be installed first. Maybe this explanation is not needed, as verifying via OpenPGP is for more skilled persons (perhaps we should mark it then as a verification method for skilled users who understand what a OpenPGP signature, etc. is).
Keep in mind that we’re adding these instructions here as a reminder for
people who already know these tools but not as full instructions. And
clearly, if you don’t have OpenPGP installed, you’re not the target
audience for these instructions.
> * the whole section “Verify using OpenPGP (optional)” looks a bit “huge” and important (in comparison to the " Download and verify" section). It’s only optional so it maybe should be grayed out in a way similar to the upper sections
I could be grayed at the beginning (before clicking on the download)
like the other verification methods. I’ll try to do that in Feature #14921, thanks!
> * the screenshot verifying_in_tails.png
does not comply with our screenshot guidelines (https://tails.boum.org/contribute/how/documentation/guidelines/#index5h1).
Moving this to Feature #14921.
> I checked links, etc. which are fine for me, I could not find anything suspicious. Translations are also fine, also translating the newly added content (tried with strings in several places). There might be some inline translation errors due to the known ikiwiki bug, but let’s see, I did not try a whole translation of the page as I don’t have one so far.
Cool! Thanks for triple checking!
#23 Updated by sajolida 2017-11-27 00:37:51
>> the whole section “Verify using OpenPGP (optional)” looks a bit “huge” and important (in comparison to the " Download and verify" section). It’s only optional so it maybe should be grayed out in a way similar to the upper sections
> I could be grayed at the beginning (before clicking on the download)
like the other verification methods. I’ll try to do that in Feature #14921, thanks!
Nah, I tried to do that and it was too complicated to be worth it.
#24 Updated by sajolida 2017-12-03 15:49:28
- Assignee deleted (
sajolida) - QA Check deleted (
Pass)
I merged this with a first public release of Tails Verification. Yeah!
#25 Updated by sajolida 2017-12-03 15:50:50
- blocks deleted (
)Feature #14628: Migrate Firefox extension to Web Extensions
#26 Updated by sajolida 2017-12-03 15:50:52
- blocks deleted (
)Feature #14629: Tails Verification for Google Chrome
#27 Updated by sajolida 2017-12-03 15:51:09
- Status changed from Confirmed to Resolved