Closed maltfield closed 2 months ago
Note: This is not a support request asking for information on how to verify release signatures.
The only resolution to this ticket is by updating the getsession.org download page with the information (or a link-to the information) that documents how users can verify release signatures.
Here are some examples of "verifying this release" project documentation from other projects
Yes, so one solution to this ticket would be to update https://getsession.org/download with text that says:
"to verify the authenticity of this release with PGP, please see Verifying Signatures"
@maltfield Thanks for this comprehensive write up. Sorry to be a pain but would you mind moving this issue to the getsession.org repo https://github.com/oxen-io/session-website/issues
Ticket moved to https://github.com/oxen-io/session-website/issues/36
Is there an existing request for feature?
What feature would you like?
Document how to cryptographically verify downloads on the getsession.org download page
Expected behaviour
When I go to download the Session desktop client, I should also see instructions on how to verify the authenticity of the file after download and before install. Or, at least, a link to the document that describes this.
Actual behaviour
I see no mention about cryptographic authenticity verification on the download page
Steps to reproduce
Anything else?
No response