Re: [Tails-dev] Easy verification steps for OS X

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list, steve
Subject: Re: [Tails-dev] Easy verification steps for OS X
steve:
> Dear all,


Hi Steve,

> The current verification steps for OS X users are, to put things mildly, broken.


Thanks a lot for getting in touch with us. We have very limited
knowledge of Mac OS X and that partly why anything Mac related on our
website is mildly broken :)

> Current procedure:
>
>     Users would follow this link:
>     https://tails.boum.org/download/index.en.html#download.verify-the-iso-image-using-other-operating-systems
>     then have to follow this link:
>     https://tails.boum.org/doc/get/verify_the_iso_image_using_the_command_line/index.en.html
>     and those instructions are really hard to read and follow.

>
> Many unexperienced users will not be able to do this. They will give up and not
> attempt to use Tails - at all.


I completely share your concern. Our verification instructions are quite
old, they have been written maybe 4 years ago and didn't really change
since then.

The good news is that, at this very moment, we're working on brand new
download, verification, and installation tools and instructions.
For example, we want to stop recommending people to do an OpenPGP
verification if they don't know OpenPGP beforehand.

We've been working on a browser extension to download and verify the ISO
image automatically. It's going to be released before the end of 2015
and will become the recommended technique (and hopefully super easy).

See https://tails.boum.org/blueprint/bootstrapping/extension/ for the
idea and https://maone.net/dev/tails/download.html for a prototype.

Still, even once we get there we'll want to still provide OpenPGP
instructions as an alternative or additional verification mechanism. But
at least people won't be force through this as they are today.

So documenting better GPGTools would still make perfect sense as part of
this alternative or additional check.

> In GPGTools support we receive occasional feedback from very confused Tails
> users, unable to verify their download. The latest example from yesterday is:
> https://gpgtools.tenderapp.com/discussions/problems/47413-what-is-the-protocol-for-verifying-a-signature-from-a-file This
> is not the only case and I am sure there are many more which just give up,
> without even bothering to write a feedback report.


I'm sorry to hear that :(

> So here are some improved, shorter and easier to follow verification steps for
> OS X in markdown:
>
>     To verify the signature of your tails file

>
>     1. download the Tails iso file and
>     1. the gpg signature file from https://tails.boum.org/download
>     1. click this [link](https://tails.boum.org/tails-signing.key) to display /
>     download our key
>     1. download and install [GPG Suite](https://gpgtools.org/gpgsuite)
>     1. open GPG Keychain and drag the tails-signing.key into the main window to
>     import the key
>     1. make sure that dmg and sig file both are located in the same folder
>     1. right-click signature or dmg file and select Services > OpenPGP: Verify
>     Signature of File and allow a moment for processing

>
>     If everything is ok, the verification result will look similar to this:


Cool, thanks! I think that I myself tried to perform the verification
back when I wrote these instructions some 4 years but failed to do so.

> I think you’d do your OS X users a big favor by updating the website
> description. I’d love to see a dedicated OS X section and not have windows / OS
> X mixed up under „other operating systems“ here
> https://tails.boum.org/download/index.en.html#download.verify-the-iso-image-using-other-operating-systems
>
> Ideally the specific OS X instructions would open an expanding section (analogue
> to what the current solution for „other operating systems“ does) but only
> include the OS X instructions.
>
> I hope this is useful and can be added to the website. This should solve
> https://labs.riseup.net/code/issues/7147


That's super cool! So here is my proposal: let's wait until we do a
first release of the browser extension (in the coming weeks) and then
see how do we fit the additional OpenPGP instructions in our website
after that. We I have a plan regarding this I'll send you a ping. And
then I would love to work with you on solving this once and for good.

--
sajolida