svn commit: r40831 - in projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook: . preface

Dru Lavigne dru.lavigne at att.net
Wed Jan 30 23:21:03 UTC 2013 


--- On Wed, 1/30/13, Xin Li <delphij at delphij.net> wrote:
> On 01/30/13 12:17, Benedict Reuschling wrote:
> > Am 30.01.13 20:58, schrieb Xin Li:
> >> On 01/30/13 11:01, Benedict Reuschling wrote:
> >>> Author: bcr Date: Wed Jan 30 19:01:33 2013 New
> Revision: 40831 
> >>> URL: http://svnweb.freebsd.org/changeset/doc/40831
> > 
> >>> Log: Deactivate the build of the PGP Keys
> section from the 
> >>> appendix. This will not be part of the print
> edition, but will
> >>>  still be kept in the online version.
> > 
> >> Wouldn't that defeat the purpose of having the PGP
> keys in 
> >> handbook?
> > 
> > 
> > Hmm, the commit message could be interpreted as reverse
> logic, now 
> > that I reread it.
> > 
> > What I meant was that the PGP keys don't make sense in
> a printed
> > book. No one will pull out their print edition to
> verify an email
> > from a FreeBSD developer. :)
> > 
> > In the online version hwoever, it does make sense to
> have them 
> > (although we could debate having them on a separate
> webpage on 
> > www.freebsd.org) in case someone needs to
> copy/paste/verify keys.
> > Keys are also easier to update online rather than
> release a new
> > print edition just to update the keys, right?
> > 
> > I hope that answers your question.
> 
> That is exactly what I am concerned about.
> 
> The reason why PGP keys should appear in printed book and
> DVDs is that
> this establishes a way to start your trust chain with. 
> It's wrong to
> blindly trust www.freebsd.org to be offering the right
> keys.
> 
> At very least, the book should have public key for the
> "Officers", and
> probably also the fingerprint part of everyone's public key
> but with
> public block part omitted.


My concern with including the PGP keys in the print edition is the 100+ extra pages it adds to an already large volume set. Only including the Officers and the fingerprints of devs would alleviate much of this.

The preface also needs to be edited to include instructions on how to verify a key and why doing so is important, rather than assuming that the user already knows this.

In the print edition, is it sufficient to only provide instructions, the links to the fingerprints and keys, and a caveat that the keys displayed on the website should not be blindly trusted but rather verified? Or is this pushing too far?

Cheers,

Dru

More information about the svn-doc-projects mailing list