Project

General

Profile

Bug #16175

Unclear OpenPGP verification instructions for Linux

Added by mercedes508 11 months ago. Updated 6 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Installation
Target version:
Start date:
11/30/2018
Due date:
% Done:

0%

Feature Branch:
Type of work:
End-user documentation
Blueprint:
Starter:
Affected tool:

Description

In our verification process instructions, before doing the "gpg --verify" commandline, people are asked to:

1. Download the Tails signing key.

And maybe this should be rephrased this way:

1. Download and import the Tails signing key in your keyring.

Because many people then get a "gpg: error reading key: public key not found" error afterward.


Related issues

Blocks Tails - Feature #16711: Core work 2019Q3 → 2019Q4: Technical writing Confirmed 01/08/2016

History

#1 Updated by intrigeri 11 months ago

In our verification process instructions, before doing the "gpg --verify" commandline, people are asked to:

As far as I can tell, this affects all platforms, not just Linux.

Importing a key is platform-specific so:

  • A) Either we don't bother documenting for each platform how to import the key, so we can do what mercedes508 suggests.
  • B) Or we document how to import the key for each platform (probably below, in the "Basic OpenPGP verification" instructions).
  • C) Or we document how to import the key only for platforms where it's super cheap, which I guess boils down to "using the command line", and then for every other platform we probably need to add an undocumented "import our key" step.

IMO, (B) is not worth the effort: it requires lots of work and the benefits are disputable at best (people who need to be taught how to import a key should probably not rely on OpenPGP for verifying our files). Help Desk reports it affects many people so I'd rather see (A) done relatively quickly than anything harder done later.

#2 Updated by intrigeri 11 months ago

  • Status changed from Confirmed to In Progress
  • QA Check set to Ready for QA

Thread starts at https://mailman.boum.org/pipermail/tails-dev/2018-December/012371.html and Cody provided a patch. Cody, you might want to read my above comment.

#3 Updated by sajolida 10 months ago

  • Target version changed from Tails_3.11 to Tails_3.12

#4 Updated by sajolida 10 months ago

  • Status changed from In Progress to Resolved
  • Assignee deleted (sajolida)
  • QA Check deleted (Ready for QA)

I applied Cody's patch. I don't think we should a lot of time making these instructions more complete.

#5 Updated by emmapeel 3 months ago

  • Status changed from Resolved to Confirmed
  • Target version changed from Tails_3.12 to Tails_3.16

This is still happening, as the instructions do not contain the import command.

I am reopening because of another support request about this topic.

#6 Updated by sajolida about 1 month ago

  • Related to Feature #16711: Core work 2019Q3 → 2019Q4: Technical writing added

#7 Updated by sajolida about 1 month ago

  • Related to deleted (Feature #16711: Core work 2019Q3 → 2019Q4: Technical writing)

#8 Updated by sajolida about 1 month ago

  • Blocks Feature #16711: Core work 2019Q3 → 2019Q4: Technical writing added

#9 Updated by sajolida about 1 month ago

  • Target version deleted (Tails_3.16)

#10 Updated by cbrownstein 19 days ago

  • Assignee set to cbrownstein

I'll take this ticket for now.

#11 Updated by cbrownstein 17 days ago

  • Status changed from Confirmed to Needs Validation
  • Assignee changed from cbrownstein to sajolida

I've pushed a branch that I hope will finally put this issue to rest:

https://0xacab.org/cbrownstein/tails/commits/doc/16175-unclear-openpgp-verification

#12 Updated by sajolida 14 days ago

  • Assignee changed from sajolida to cbrownstein
  • Target version set to Tails_4.0

Arg! I can't believe we're still spending time on the damn instructions!

@emmapeel: For the record, from the stats on the downloads of the OpenPGP signature of our downloads we have 1 download of the signature per 12 direct downloads (8%). So all the time that we spend on these issues is time that we're not spending on issues impacting more people.

@cbrownstein: I pushed a couple of improvements in doc/16175-unclear-openpgp-verification. Please have a look.

#13 Updated by cbrownstein 8 days ago

  • Status changed from Needs Validation to In Progress
  • Assignee changed from cbrownstein to sajolida

Looks good!

#14 Updated by sajolida 6 days ago

  • Status changed from In Progress to Resolved
  • Assignee deleted (sajolida)

Thanks for prompt review! I merged it.

I hope we won't have to spend time again on these instructions in a while and it feels good to have both tickets out of the way now.

Also available in: Atom PDF