bitcoincore.org icon indicating copy to clipboard operation
bitcoincore.org copied to clipboard
verified publisher icon bitcoin-core

Improve clarity on the number of release signing keys

Open AndySchroder opened this issue 3 years ago • 3 comments

On the page 2017-01-01-download.md (https://bitcoincore.org/en/download/) the following phrase suggests that there is a single release signing key,

verify_checksums_file: "Verify that the checksums file is PGP signed by the release signing key:"

but the surrounding lines indicate that there are multiple signing keys. I suggest it be changed to

verify_checksums_file: "Verify that the checksums file is PGP signed by trusted keys:"

to avoid confusion.

AndySchroder avatar Aug 10 '22 19:08 AndySchroder

I think this references this sentence in part 8

The output of the command above should say that one key was imported, updated, has new signatures, or remained unchanged.

It is always said that it is recommended to use several keys, but in the example one is imported. That's why I think we're talking about a key

superstreber3 avatar Aug 11 '22 08:08 superstreber3

What you say makes sense, but the sentence I've pointed out seems to make it a little contradictory. What about instead changing to

verify_checksums_file: "Verify that the checksums file is PGP signed by a trusted release signing key:"

OR

verify_checksums_file: "Verify that the checksums file is PGP signed by at least one trusted release signing key:"

?

AndySchroder avatar Aug 14 '22 20:08 AndySchroder

I agree, I created an PR (#894) with the change.

superstreber3 avatar Aug 22 '22 06:08 superstreber3