Project

General

Profile

Bug #16175

Unclear OpenPGP verification instructions for Linux

Added by mercedes508 9 months ago. Updated 29 days ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
Installation
Target version:
Start date:
11/30/2018
Due date:
% Done:

0%

Feature Branch:
Type of work:
End-user documentation
Blueprint:
Starter:
Affected tool:

Description

In our verification process instructions, before doing the "gpg --verify" commandline, people are asked to:

1. Download the Tails signing key.

And maybe this should be rephrased this way:

1. Download and import the Tails signing key in your keyring.

Because many people then get a "gpg: error reading key: public key not found" error afterward.

History

#1 Updated by intrigeri 9 months ago

In our verification process instructions, before doing the "gpg --verify" commandline, people are asked to:

As far as I can tell, this affects all platforms, not just Linux.

Importing a key is platform-specific so:

  • A) Either we don't bother documenting for each platform how to import the key, so we can do what mercedes508 suggests.
  • B) Or we document how to import the key for each platform (probably below, in the "Basic OpenPGP verification" instructions).
  • C) Or we document how to import the key only for platforms where it's super cheap, which I guess boils down to "using the command line", and then for every other platform we probably need to add an undocumented "import our key" step.

IMO, (B) is not worth the effort: it requires lots of work and the benefits are disputable at best (people who need to be taught how to import a key should probably not rely on OpenPGP for verifying our files). Help Desk reports it affects many people so I'd rather see (A) done relatively quickly than anything harder done later.

#2 Updated by intrigeri 9 months ago

  • Status changed from Confirmed to In Progress
  • QA Check set to Ready for QA

Thread starts at https://mailman.boum.org/pipermail/tails-dev/2018-December/012371.html and Cody provided a patch. Cody, you might want to read my above comment.

#3 Updated by sajolida 8 months ago

  • Target version changed from Tails_3.11 to Tails_3.12

#4 Updated by sajolida 8 months ago

  • Status changed from In Progress to Resolved
  • Assignee deleted (sajolida)
  • QA Check deleted (Ready for QA)

I applied Cody's patch. I don't think we should a lot of time making these instructions more complete.

#5 Updated by emmapeel 29 days ago

  • Status changed from Resolved to Confirmed
  • Target version changed from Tails_3.12 to Tails_3.16

This is still happening, as the instructions do not contain the import command.

I am reopening because of another support request about this topic.

Also available in: Atom PDF