Hi Cody, > I agree with you that the user should be instructed to not only download > the Tails signing key but to import it as well.
An alternative would be to add "--auto-key-retrieve" to gpg options before "--verify", that would (as the name implies) download the key if it's not present locally avoiding the entire import step. (The key and signature can be configured to download the key from https://boum.org, avoiding issues with keyservers). Another suggestion may be adding "--with-fingerprint" to "--verify" and asking the user to check if the verification prints: > Primary key fingerprint: A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F (Currently the guide shows an example with an output that prints subkey fingerprint, and that may change while the primary key's fingerprint stays the same). Kind regards, Wiktor -- https://metacode.biz/@wiktor _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
