Skip to content
This repository has been archived by the owner on Mar 25, 2018. It is now read-only.

Better user experience around verifying downloads #144

Open
misterdjules opened this issue Jun 23, 2015 · 6 comments
Open

Better user experience around verifying downloads #144

misterdjules opened this issue Jun 23, 2015 · 6 comments
Assignees
@bnb
Labels
new.nodejs.org

Comments

@misterdjules
Copy link

Although users can verify digital signatures and now downloads use HTTPS by default, I think it would be great to give a better user experience around verifying downloads.

Having downloads use HTTPS is fine to make sure that users are downloading files from the correct source, but it doesn't ensure that they're installing software that hasn't been tampered with.

For that, they need to verify digital signatures. I imagine that a lot of users who care about that already know how to verify these signatures, but it's still a very manual process and the UX could be much better.

Also, when users run into downloading software that seems to be different than the one that was released, we could use this better UX to troubleshoot these issues.

Having some clear documentation easily available on the website would be a start to improve the user experience about verifying downloads.

/cc @nodejs/website
@misterdjules misterdjules mentioned this issue Jun 23, 2015
Closed
@bnb
Copy link

bnb commented Jun 23, 2015

+1. Is this a website thing, though? I know nothing about verifying digital signatures, but I always thought this was on the client (desktop) side. Is this not the case?

@misterdjules
Copy link
Author

@bnb The first step (better documenting the process of verifying signatures) would need to be linked from the website, or directly available from it. In this sense it seems to be a website thing.

The second (more long term) step, thinking about a process that Node.js users can use to verify downloads easily seems to definitely span more than one repository, thank you for bringing that up 👍

I'll fix the original description of this issue to include only the documentation part, do you think that would belong to the website repository?

@bnb
Copy link

bnb commented Jun 24, 2015

Yes, I think the display of that information is a Website WG thing - but it might be a @nodejs/documentation thing. It depends on if you want to provide this information when the user downloads the package, or if you want to provide it in the documentation. I don't know which would be better.

@misterdjules
Copy link
Author

@bnb Providing it when the user downloads files/binaries/packages is necessary in my opinion, because that might be the best opportunity we have to deliver this message. Of course adding it to the documentation wouldn't hurt too.

@danielkhan
Copy link

Will add this to the install docs. nodejs/docs#7

@bnb
Copy link

bnb commented Jun 24, 2015

@danielkhan Thank you. It would be nice to keep in sync when content is shared between working groups like this, so we will base our wording off of yours for the sake of consistency.

@bnb bnb self-assigned this Jun 24, 2015
@misterdjules misterdjules mentioned this issue Jun 25, 2015
Closed
@fhemberger fhemberger mentioned this issue Oct 8, 2015
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@bnb bnb

Labels
new.nodejs.org
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bnb @misterdjules @danielkhan