You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Somewhere in the download section, it would be good to explain to users how they can verify their downloads, in a discoverable way.
We should discuss what we should explain, which verification strategies we want to explain.
The intention is:
(1) create some general awareness that verifying downloads is a good idea
(the fact that such a verification offering can be found on the download page could be seen as a way to make users aware, and allow them to learn more, if they want to)
(2) Allow users a simple verification that could be done without downloading additional software. For example, if users find the SHA256 checksum on the download page, there could be a quick information how to use tools already available on the OS to verify (e.g. sha256sum on Linux and MacOS, and on Windows something like certutil -hashfile SHA256)
(3) Potentially have a link that explains the more advanced checking. Which is, use GnuPG, and offer a link to the signature file.
The text was updated successfully, but these errors were encountered:
SUMO could be the place where the detailed explanations live.
==Download page==
here is your download: link
You may verify the correctness of your download using SHA256 hashsum ABCDEF000111... (dynamically embedded) or uising a GnuPG signature (dynamically set the correct link).
Here are the instructions for verifying a download: link to SUMO
remember to obtain thunderbird only from official locations, such as this thunderbird.net website or using a download mechanism that's integrated into your operating system.
Somewhere in the download section, it would be good to explain to users how they can verify their downloads, in a discoverable way.
We should discuss what we should explain, which verification strategies we want to explain.
The intention is:
(1) create some general awareness that verifying downloads is a good idea
(the fact that such a verification offering can be found on the download page could be seen as a way to make users aware, and allow them to learn more, if they want to)
(2) Allow users a simple verification that could be done without downloading additional software. For example, if users find the SHA256 checksum on the download page, there could be a quick information how to use tools already available on the OS to verify (e.g. sha256sum on Linux and MacOS, and on Windows something like certutil -hashfile SHA256)
(3) Potentially have a link that explains the more advanced checking. Which is, use GnuPG, and offer a link to the signature file.
The text was updated successfully, but these errors were encountered: