Displaying Instructions for Verifying Installation Media

Leon Traille Fri, 03 Feb 2017 20:06:54 -0800


-----Original Message-----
From: Leon Traille 
Sent: Friday, February 3, 2017 3:42 PM
To: Paul Wise <[email protected]>
Subject: RE: Displaying Instructions for Verifying Installation Media


I think every page containing at least one direct download should be updated. I 
have found the following
        https://www.debian.org/distrib/
        https://www.debian.org/distrib/netinst 
        https://www.debian.org/CD/netinst/
        https://www.debian.org/devel/debian-installer/ 
        https://www.debian.org/releases/jessie/debian-installer/ 

I'd recommend placing the links in its own section with a heading and a short 
explanation.

For example, on page https://www.debian.org/distrib/netinst, you could add 
section before the downloads like the following:

        <h2>Verifying Image Files</h2>
        <p>Official releases of Debian images come with checksum files 
(SHA1SUMS, SHA256SUMS, etc.) that enable you to verify the image you've 
obtained. These checksum files have signatures stored in other files 
(SHA1SUMS.sign, SHA256SUMS.sign, etc.). Before you use a checksum to verify an 
image, you need to verify the checksum file with its signature. Look for the 
checksum and checksum signature files alongside the image downloads below.</p>
        <p>For more information about how to verify the image files, read the 
<a href="https://www.debian.org/CD/verify";>verification guide</a>.</p>

The download and checksum links below a verification section could be organized 
like the following:

        <table>
        <tr>
                <td><a 
href="http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.7.1-amd64-netinst.iso";>amd64</a></td>
                <td>[<a 
href="http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS.sign";>SHA256SUMS.sign</a>]</td>
                <td>[<a 
href="http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS";>SHA256SUMS</a>]</td>
                <td>[<a 
href="http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/";>Other 
Files</a>]</td>
        </tr>
        <tr>
                <td><a 
href="http://cdimage.debian.org/debian-cd/current/i386/iso-cd/debian-8.7.1-i386-netinst.iso";>i386</a></td>
                <td>[<a 
href="http://cdimage.debian.org/debian-cd/current/i368/iso-cd/SHA256SUMS.sign";>SHA256SUMS.sign</a>]</td>
                <td>[<a 
href="http://cdimage.debian.org/debian-cd/current/i386/iso-cd/SHA256SUMS";>SHA256SUMS</a>]</td>
                <td>[<a 
href="http://cdimage.debian.org/debian-cd/current/i386/iso-cd/";>Other 
Files</a>]</td>
        </tr>
        </table>

I think it is best to place the all the download sections after the 
verification section.

The https://www.debian.org/CD/live/ page doesn't contain direct downloads but 
the pages it does link to do not contain verification like other similar pages. 
For example, compare 
http://cdimage.debian.org/debian-cd/current-live/amd64/bt-hybrid/ with 
http://cdimage.debian.org/debian-cd/current/multi-arch/iso-cd/ . I think pages 
like the former should be changed to look like the latter. This includes the 
following pages:
        http://cdimage.debian.org/debian-cd/current-live/amd64/bt-hybrid/
        http://cdimage.debian.org/debian-cd/current-live/i386/bt-hybrid/
        http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/
        http://cdimage.debian.org/debian-cd/current-live/i386/iso-hybrid/

I also think the verification page https://www.debian.org/CD/verify is a little 
too vague. I think it should include step by step details of how to perform the 
verification with commands and expected outputs.

I think the installation guides should also include detailed explanation of and 
recommendation for verification with appropriate links to the secure 
verification guide page https://www.debian.org/CD/verify 

The download on the main page https://www.debian.org/ should navigate to a page 
with a verification section, before automatically downloading the file. This 
allows the same behavior of having a direct download on the main page but with 
the benefit of having the user see a verification recommendation.

I would also like to note that some other distributions provide the checksum on 
a secure page, simplifying the verification process considerably.

https://www.debian.org/distrib/
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Paul 
Wise
Sent: Thursday, February 2, 2017 10:18 PM
To: Leon Traille <[email protected]>
Cc: [email protected]
Subject: Re: Displaying Instructions for Verifying Installation Media

On Fri, Feb 3, 2017 at 3:55 AM, Leon Traille wrote:

> I think that suggesting and linking to verification instructions would 
> further the interests of Internet users.

Could you suggest which web pages we should modify and what the new wording on 
those pages should be?

--
bye,
pabs

https://wiki.debian.org/PaulWise

Displaying Instructions for Verifying Installation Media

Reply via email to