Re: [RFR] wml://CD/verify.html (was: Add extra page at /CD/verify.html)

To: Debian L10n English <debian-l10n-english@lists.debian.org>
Cc: debian-cd@lists.debian.org, The Debian Web site <debian-www@lists.debian.org>
Subject: Re: [RFR] wml://CD/verify.html (was: Add extra page at /CD/verify.html)
From: Justin B Rye <jbr@edlug.org.uk>
Date: Sun, 3 Apr 2011 00:21:01 +0100
Message-id: <[🔎] 20110402232101.GA19091@xibalba.demon.co.uk>
Mail-followup-to: Debian L10n English <debian-l10n-english@lists.debian.org>, debian-cd@lists.debian.org, The Debian Web site <debian-www@lists.debian.org>
In-reply-to: <[🔎] 4D979DA2.6050500@tilapin.org>
References: <20110316175439.GG17267@einval.com> <[🔎] 4D979DA2.6050500@tilapin.org>

David Prévot wrote:
> I would propose to avoid the “we” form, diff and resulting file
> attached, so I add the L10n English list in the loop to correct my
> cheesy English, thanks in advance.

(I wouldn't necessarily have bothered avoiding the "we" myself, but if
it's consistently avoided elsewhere in the text then fair enough.)

> --- english/CD/verify-sledge.wml	2011-04-02 17:14:53.443982597 -0400
> +++ english/CD/verify.wml	2011-04-02 17:36:58.143981832 -0400
> @@ -11,9 +11,9 @@
>  <p>To validate the contents of a CD image, first of all use the

Oh, by the way, this use of "first of all" is a bit awkward, since
the same phrase occurs in the previous paragraph, where it meant
"first in sequence" (in contrast with "secondly").  Here on the other
hand it's used in the sense of "first in importance" ("primarily").
My attached version replaces it with "just be sure to..."

>  appropriate checksum tool. For older archived CD releases, only MD5
>  checksums were generated in the <tt>MD5SUMS</tt> files; you should use
> -the tool <tt>md5sum</tt> to work with these. For newer releases, we
> -have moved to newer, cryptographically stronger checksum algorithms
> -(SHA1, SHA256 and SHA512) and there are equivalent tools available to
> +the tool <tt>md5sum</tt> to work with these. For newer releases,
> +newer and cryptographically stronger checksum algorithms
> +(SHA1, SHA256 and SHA512) are used and there are equivalent tools available to
>  work with these.</p>

That looks fine; maybe an extra comma after "used" would help, but
it's not essential.

[...]

> -<p>We have gradually moved away from using the personal keys belonging
> -to developers to using official <q>role</q> keys instead. However, we
> -have decided not to go back and re-sign all the old releases that were
> +<p>
> +Official <q>role</q> keys have been gradually used instead of personal
> +keys belonging to developers. However, it
> +was decided not to go back and re-sign all the old releases that were
>  already signed using the older keys.</p>

"Gradually used" isn't quite right, and then I suppose I might as well
tweak the "it was decided not to" as well.

  +<p>
  +Official <q>role</q> keys have gradually replaced the use of personal
  +keys belonging to developers. However, a decision was made not to go
  +back and re-sign all the old releases that were

(Or if people want to wrestle with this phrasing some more, "a
decision against going back and re-signing" could also work.)
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

#use wml::debian::cdimage title="Verifying authenticity of Debian CDs" BARETITLE=true

<p>Official releases of Debian CDs come with signed checksum
files. These allow you to check that the images you download are
correct. First of all, the checksum can be used to check that the CDs
have not been corrupted during download. Secondly, the signatures on
the checksum files allow you to confirm that the files are the ones
officially released by the Debian CD / Debian Live team and have not
been tampered with.</p>

<p>To validate the contents of a CD image, just be sure to use the
appropriate checksum tool. For older archived CD releases, only MD5
checksums were generated in the <tt>MD5SUMS</tt> files; you should use
the tool <tt>md5sum</tt> to work with these. For newer releases,
newer and cryptographically stronger checksum algorithms
(SHA1, SHA256 and SHA512) are used, and there are equivalent tools available to
work with these.</p>

<p>To ensure that the checksums files themselves are correct, use
GnuPG to verify them against the accompanying signature files
(e.g. <tt>MD5SSUMS.sign</tt>). The keys used for these signatures are
all in the <a href="http://keyring.debian.org";>Debian GPG keyring</a>
and the best way to check them is to use that keyring to validate via
the web of trust. To make life easier for users, here are the
fingerprints for the keys that have been used for releases in recent
years (with some UIDs removed for clarity):</p>

#include "$(ENGLISHDIR)/CD/CD-keys.data"

<p>
Official <q>role</q> keys have gradually replaced the use of personal
keys belonging to developers. However, a decision was made not to go
back and re-sign all the old releases that were
already signed using the older keys.</p>

Reply to:

Follow-Ups:
- [LCFC] wml://CD/verify.html
  - From: David Prévot <david@tilapin.org>

References:
- [RFR] wml://CD/verify.html (was: Add extra page at /CD/verify.html)
  - From: David Prévot <david@tilapin.org>

Prev by Date: [RFR] wml://CD/verify.html (was: Add extra page at /CD/verify.html)
Next by Date: Re: MBF alert: packages with very long source / .deb filenames
Previous by thread: [RFR] wml://CD/verify.html (was: Add extra page at /CD/verify.html)
Next by thread: [LCFC] wml://CD/verify.html
Index(es):
- Date
- Thread