Bug #16175

Unclear OpenPGP verification instructions for Linux

Added by mercedes508 2018-11-30 12:46:41. Updated 2019-10-10 21:10:17.

Status: Resolved
Priority: Normal
Assignee:
Category: Installation
Target version:
Start date: 2018-11-30
Due date:
% Done: 0%
Feature Branch:
Type of work: End-user documentation
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

In our verification process instructions, before doing the “gpg --verify” command line, people are asked to:

1. Download the Tails signing key.

And maybe this should be rephrased this way:

1. Download and import the Tails signing key in your keyring.

Because many people then get a “gpg: error reading key: public key not found” error afterward.
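An added example, not part of the ticket or of the Tails documentation: a shell function that reads the output of `gpg --status-fd 1 --verify` and separates the missing-key case described above from a bad signature or a signature made by an unexpected key. The function name, the fingerprint and the sample status lines are constructed for illustration.

```sh
#!/bin/sh
# Classify the machine-readable output of:
#   gpg --status-fd 1 --verify FILE.sig FILE 2>/dev/null
# $1 is the expected primary key fingerprint (40 hex digits, no spaces).
# Prints one of: good, missing-key, unexpected-key, bad-signature, unknown.
classify_gpg_status() {
    expected=$1 bad=0 missing=0 good=0 wrong=0
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] BADSIG "*)    bad=1 ;;
            "[GNUPG:] NO_PUBKEY "*) missing=1 ;;   # key is not in the keyring
            "[GNUPG:] VALIDSIG "*)
                # The last VALIDSIG field is the primary key fingerprint.
                if [ "${line##* }" = "$expected" ]; then good=1; else wrong=1; fi ;;
        esac
    done
    if   [ "$bad" -eq 1 ];     then echo bad-signature
    elif [ "$wrong" -eq 1 ];   then echo unexpected-key
    elif [ "$missing" -eq 1 ]; then echo missing-key
    elif [ "$good" -eq 1 ];    then echo good
    else                            echo unknown
    fi
}

# Constructed fingerprint and status lines, for illustration only.
EXPECTED=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

# Key never imported: gpg cannot check the signature at all.
printf '%s\n' '[GNUPG:] NEWSIG' \
    '[GNUPG:] ERRSIG 0123456789ABCDEF 1 10 00 1569888000 9' \
    '[GNUPG:] NO_PUBKEY 0123456789ABCDEF' | classify_gpg_status "$EXPECTED"

# Key imported: the signature checks out and comes from the expected key.
printf '%s\n' '[GNUPG:] NEWSIG' \
    '[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>' \
    "[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2019-10-01 1569888000 0 4 0 1 10 00 $EXPECTED" \
    | classify_gpg_status "$EXPECTED"
```

A `missing-key` result says nothing about the file itself: the signing key still has to be imported with `gpg --import` before the verification can be repeated.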


Subtasks


Related issues

Blocks Tails - Feature #16711: Core work 2019Q3 → 2019Q4: Technical writing Resolved 2016-01-08

History

#1 Updated by intrigeri 2018-11-30 13:02:32

> In our verification process instructions, before doing the “gpg --verify” command line, people are asked to:

As far as I can tell, this affects all platforms, not just Linux.

Importing a key is platform-specific so:

  • A) Either we don’t bother documenting for each platform how to import the key, so we can do what mercedes508 suggests.
  • B) Or we document how to import the key for each platform (probably below, in the “Basic OpenPGP verification” instructions).
  • C) Or we document how to import the key only for platforms where it’s super cheap, which I guess boils down to “using the command line”, and then for every other platform we probably need to add an undocumented “import our key” step.

IMO, (B) is not worth the effort: it requires lots of work and the benefits are disputable at best (people who need to be taught how to import a key should probably not rely on OpenPGP for verifying our files). Help Desk reports it affects many people so I’d rather see (A) done relatively quickly than anything harder done later.

#2 Updated by intrigeri 2018-12-03 12:39:56

  • Status changed from Confirmed to In Progress
  • QA Check set to Ready for QA

Thread starts at https://mailman.boum.org/pipermail/tails-dev/2018-December/012371.html and Cody provided a patch. Cody, you might want to read my above comment.

#3 Updated by sajolida 2018-12-13 15:02:20

  • Target version changed from Tails_3.11 to Tails_3.12

#4 Updated by sajolida 2018-12-18 18:27:48

  • Status changed from In Progress to Resolved
  • Assignee deleted (sajolida)
  • QA Check deleted (Ready for QA)

I applied Cody’s patch. I don’t think we should spend a lot of time making these instructions more complete.

#5 Updated by emmapeel 2019-07-22 07:10:31

  • Status changed from Resolved to Confirmed
  • Target version changed from Tails_3.12 to Tails_3.16

This is still happening, as the instructions do not contain the import command.

I am reopening because of another support request about this topic.

#6 Updated by sajolida 2019-09-03 09:36:56

  • related to Feature #16711: Core work 2019Q3 → 2019Q4: Technical writing added

#7 Updated by sajolida 2019-09-03 09:37:03

  • related to deleted (Feature #16711: Core work 2019Q3 → 2019Q4: Technical writing)

#8 Updated by sajolida 2019-09-03 09:37:17

  • blocks Feature #16711: Core work 2019Q3 → 2019Q4: Technical writing added

#9 Updated by sajolida 2019-09-03 09:37:26

  • Target version deleted (Tails_3.16)

#10 Updated by cbrownstein 2019-09-28 03:51:26

  • Assignee set to cbrownstein

I’ll take this ticket for now.

#11 Updated by cbrownstein 2019-09-30 20:17:39

  • Status changed from Confirmed to Needs Validation
  • Assignee changed from cbrownstein to sajolida

I’ve pushed a branch that I hope will finally put this issue to rest:

https://0xacab.org/cbrownstein/tails/commits/doc/16175-unclear-openpgp-verification

#12 Updated by sajolida 2019-10-03 18:29:53

  • Assignee changed from sajolida to cbrownstein
  • Target version set to Tails_4.0

Arg! I can’t believe we’re still spending time on the damn instructions!

@emmapeel: For the record, from the stats on the downloads of the OpenPGP signature of our downloads we have 1 download of the signature per 12 direct downloads (8%). So all the time that we spend on these issues is time that we’re not spending on issues impacting more people.

@cbrownstein: I pushed a couple of improvements in doc/16175-unclear-openpgp-verification. Please have a look.

#13 Updated by cbrownstein 2019-10-09 00:25:02

  • Status changed from Needs Validation to In Progress
  • Assignee changed from cbrownstein to sajolida

Looks good!

#14 Updated by sajolida 2019-10-10 21:10:17

  • Status changed from In Progress to Resolved
  • Assignee deleted (sajolida)

Thanks for the prompt review! I merged it.

I hope we won’t have to spend time again on these instructions in a while and it feels good to have both tickets out of the way now.