oxen-io / session-desktop

Session Desktop - Onion routing based messenger
https://getsession.org
GNU General Public License v3.0

Document PGP release signature usage on getsession.org/download #3078

Closed maltfield closed 2 months ago

maltfield commented 2 months ago

Is there an existing request for feature?

What feature would you like?

Document how to cryptographically verify downloads on the getsession.org download page

Expected behaviour

When I go to download the Session desktop client, I should also see instructions on how to verify the authenticity of the file after download and before install. Or, at least, a link to the document that describes this.

Actual behaviour

I see no mention of cryptographic authenticity verification on the download page.

Steps to reproduce

  1. Go to https://getsession.org/download
  2. Click "Linux" (or whatever platform I'm on)
  3. See the AppImage is downloading
  4. Look around on page for the word "verify" or "PGP" or "GPG" or "signature"
  5. ???
  6. Get confused and open ticket

Anything else?

No response

maltfield commented 2 months ago

Note: This is not a support request asking for information on how to verify release signatures.

The only resolution to this ticket is by updating the getsession.org download page with the information (or a link to the information) that documents how users can verify release signatures.

maltfield commented 2 months ago

Here are some examples of "verifying this release" project documentation from other projects:

  1. https://www.apache.org/info/verification.html#CheckingSignatures
  2. https://docs.featherwallet.org/guides/linux#verifying-the-download-optional
  3. https://support.torproject.org/tbb/how-to-verify-signature/
  4. https://ubuntu.com/tutorials/how-to-verify-ubuntu
  5. https://tails.net/install/expert/index.en.html#verify-key
  6. https://calyxos.org/install/verify/#additional-verification

keybreak commented 2 months ago

https://github.com/oxen-io/session-desktop?tab=readme-ov-file#verifying-signatures

maltfield commented 2 months ago

Yes, so one solution to this ticket would be to update https://getsession.org/download with text that says:

"to verify the authenticity of this release with PGP, please see Verifying Signatures"

yougotwill commented 2 months ago

@maltfield Thanks for this comprehensive write-up. Sorry to be a pain, but would you mind moving this issue to the getsession.org repo? https://github.com/oxen-io/session-website/issues

maltfield commented 2 months ago

Ticket moved to https://github.com/oxen-io/session-website/issues/36