Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Download page (https://bisq.network/downloads/) has a bad link to "PGP Signatures." #317

Closed
ripcurlx opened this issue Dec 19, 2019 · 1 comment · Fixed by #318
Closed

Download page (https://bisq.network/downloads/) has a bad link to "PGP Signatures." #317

ripcurlx opened this issue Dec 19, 2019 · 1 comment · Fixed by #318

Comments

@ripcurlx
Copy link
Contributor

@dscotese commented on Wed Aug 14 2019

The "PGP Signatures" entry on the download page (https://bisq.network/downloads/) ends up providing the Release Notes instead of the folder containing the signatures. I found the file I needed (https://bisq.network/downloads/v1.1.5/Bisq-64bit-1.1.5.exe.asc) by simply guessing that adding the .asc to the end of the link to the .exe would get it. The "PGP Signatures" link should point to a new page that has a link to each of the .asc files.

@battleofwizards commented on Wed Aug 14 2019

All signatures are present on the Release Notes page down below the text content. Seek assets.

The confusion comes from the fact that Release Notes are very long and the actual downloadable assets are buried deep.

I'm afraid GitHub does not offer linking to catalogs of released files. One can only link the page and individual files.

One solution would be to link the release notes file instead of putting the text directly on the page. This would be inline with Bitcoin Core: https://github.com/bitcoin/bitcoin/releases and would ensure the assets are easily visible by the users.

@dscotese commented on Wed Aug 14 2019

If updating the release notes is possible, the issue I had can be fixed by adding a line to the "How To Verify" section. I forked the repo but could not see where the release notes file was for me to make this change and then a pull request. Here is how that section would look (with the line I'd add in bold):

How to verify signatures?
Download the *.asc file for the file you downloaded ("BINARY" below) from the bottom of this page
gpg --digest-algo SHA256 --verify BINARY{.asc*,}
Replace BINARY with the file you downloaded (e.g. Bisq-1.1.5.dmg)

... and since I like to explain things, I'd also add this:
gpg will search the download folder for the file you downloaded (it recognizes and remove the ".asc" to do this) and use the specified file to verify it using the signer's key.

@freimair commented on Thu Sep 19 2019

that is confusing I agree. How about changing the download page and add links to the signature files right behind the binaries?
Screenshot from 2019-09-19 11-45-29

@Stale[bot] commented on Wed Dec 18 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
@ripcurlx ripcurlx mentioned this issue Dec 19, 2019
Closed
@RiccardoMasutti
Copy link
Contributor

I agree with you. Let me propose a PR

@RiccardoMasutti RiccardoMasutti mentioned this issue Dec 20, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add PGP SIGNATURE link next to download RiccardoMasutti/bisq-website
2 participants
@ripcurlx @RiccardoMasutti