CHECKSUM is not easily accessible on Fedora Download Page

Máirín Duffy duffy at fedoraproject.org
Fri Jan 21 18:03:18 UTC 2011 

Hi Suvayu,

On Thu, 2011-01-20 at 23:10 +0100, suvayu ali wrote:
> 2011/1/20 Máirín Duffy <duffy at fedoraproject.org>:
> > Proposal -
> >
> > Mockup:
> > http://duffy.fedorapeople.org/webdesign/fedoraproject.org/verify/verify.png

> I understand your motivation for the design is to make it easy for
> users, new and old alike, to get the latest version of Fedora. However
> as the designer you are in a unique position to inculcate good habits
> into users like checking downloads for corruption / tampering. So
> maybe taking the approach to gradually guide the user to these best
> practices would be a better motivation rather than give into their
> demands for making things simple and in the process reducing the use
> of these security measures?
> 
> Just a thought. And thanks for the beautiful work. :)

Point well-taken and thank you for the lovely compliment. I'm just a bit
worried about adding  more things-to-learn / more software-to-download /
more things-to-do / more time taken to the workload of the types of
users we're trying to capture to make software freedom more ubiquitous:

http://duffy.fedorapeople.org/app%
20design/anaconda/comic/anaconda-comic_1.png

Note this reflects a version of the installation process that is more
idealized than the reality. The biggest challenge in not losing folks
before they even give Fedora a chance is making it easy when they have
to figure out how to get the ISO to optical media or to USB (the latter
which can be really challenging.) Weighing the pros and the cons here,
I'd rather have someone running Fedora and be less prone to viruses and
security break-ins rather than lose them altogether when they give up
trying to learn ISOs, liveusb creation, checksum checking, and GPG all
in one go. Do you know what I mean? What is more harmful for them? I
think the chances of them giving up because of the difficulty in the
process (even without checksum verification) is far greater than the
chances of the fedoraproject.org media getting tampered with.

~m

More information about the users mailing list