miscellaneous feedback integration

This commit is contained in:
anarsec 2023-10-03 21:11:45 +00:00
parent 5755584357
commit 8afa5b96a8
No known key found for this signature in database
9 changed files with 74 additions and 181 deletions


@ -51,55 +51,15 @@ The best way to learn the basics of the command line is to interact with it. We
Some commands require elevated privileges, equivalent to "Open as Administrator" in Windows. For example, installing software usually requires this. Prefixing a command with `sudo` will execute it as the administrative user, named root (note: the root user is not the same as the root directory, and the two should not be confused). A root prompt will display `#` instead of `$`. Be especially careful with any commands you run while using these elevated privileges, as you'll have the power to erase your entire hard drive or change important files. It is helpful to know that text is pasted in the Terminal with Ctrl+Shift+V (i.e. the Shift key must also be pressed).
Most Linux users will rarely need to use the CLI. If you're using Tails, you shouldn't need it at all, although you will need the following commands for a [more secure installation](https://tails.boum.org/install/expert/index.en.html):
* `wget`: this downloads files from the Internet using the Command Line (rather than a web browser)
* `gpg`: this handles [GPG encryption](/glossary#gnupg-openpgp) operations. This is used to verify the integrity and authenticity of the Tails download.
* `apt`: this manages packages in Debian.
* `dd`: this copies a file from one disk to another.
The [Qubes](/tags/qubes/) installation requires the same commands (during the [verification](https://www.qubes-os.org/security/verifying-signatures/) phase). The Command Line Interface is otherwise only needed to install software:
Most Linux users will rarely need to use the CLI. If you're using Tails, you shouldn't need it at all. If you're using Qubes OS, the CLI is only needed to install software:
* `apt install <PACKAGE_NAME>`: this will install packages on Debian
* `dnf install <PACKAGE_NAME>`: this will install packages on Fedora
Additionally, the CLI is needed for the more secure installation of both [Tails](/posts/tails-best/#appendix-3-gpg-explanation) and [Qubes OS](https://www.qubes-os.org/security/verifying-signatures/) to verify the download's authenticity.
If you ever don't understand what a command does, try searching [explainshell](https://explainshell.com/) for it.
## GPG Explanation
Using `gpg` during the installation of Tails or Qubes OS will be less confusing if you understand how it works.
First, some clarification. [PGP and GPG](/glossary/#gnupg-openpgp) are terms that can be used interchangeably; PGP (Pretty Good Privacy) is the encryption standard, and GPG (GNU Privacy Guard) is a program that implements it. PGP/GPG is also used for encrypted email communication ([although we don't recommend it](/posts/e2ee/#pgp-email)), but we use it here only to verify the integrity and authenticity of files.
GPG is a classic example of [public-key cryptography](/glossary/#public-key-cryptography). GPG provides cryptographic functions for [encrypting](/glossary/#encryption), decrypting, and signing files; our concern here is digitally signing files. The Qubes and Tails teams both [digitally sign](/glossary/#digital-signatures) on their .img releases. GPG gives us a way to verify that the file has actually been "signed" by the developers, which allows us to trust that it hasn't been tampered with.
Now you need to understand the basics of public-key cryptography. [This Computerphile video](https://invidious.sethforprivacy.com/watch?v=GSIDS_lvRv4) has a great overview with visual aids. To summarize, a **secret/private** key is used to **sign** messages, and only the user who has that key can do so. Each **private** key has a corresponding **public** key - this is called a **key pair**. The public key is shared with everyone and is used to verify the signature. Confused? Watch the video!
![](signature.png)
Tails and Qubes OS sign their releases, and only they can do this because only they have their private key. However, I can verify that this signature is valid by having a copy of their public key. Now let's go through the [Tails verification instructions](https://tails.boum.org/install/expert/index.en.html), which are less convoluted than the [Qubes OS equivalent](https://www.qubes-os.org/security/verifying-signatures/).
### Step: Generate a Key-Pair
Tails recommends this [Riseup guide](https://riseup.net/en/security/message-security/openpgp/gpg-keys#using-the-linux-command-line) to generate a key-pair.
* `gpg --gen-key` will prompt you for some configuration options and then generate your key-pair.
### Step: Verify the Tails public key
* `gpg --import < tails-signing.key` imports the Tails public key into your keyring so that it can be used.
* `gpg --keyring=/usr/share/keyrings/debian-keyring.gpg --export chris@chris-lamb.co.uk | gpg --import` imports the public key of a Debian developer into your keyring so that it can be used.
* `gpg --keyid-format 0xlong --check-sigs A490D0F4D311A4153E2BB7CADBB802B258ACD84F` allows you to verify the Tails public key with the Debian developer's public key by examining the output as instructed. This is so that if the source of the Tails public key (tails.net) is compromised, you have an external source of truth to alert you.
* `gpg --lsign-key A490D0F4D311A4153E2BB7CADBB802B258ACD84F` will certify the Tails public key with the key you created in the last step.
Now we know that we have a genuine version of the Tails public key. `gpg` also knows this because we chose to certify it.
### Step: Verify the downloaded Tails .img file
* `TZ=UTC gpg --no-options --keyid-format long --verify tails-amd64-5.10.img.sig tails-amd64-5.10.img` allows you to verify that the .img file is signed as it should be by examining the output as instructed.
Now that we know that we have a genuine version of the Tails .img file, we can proceed to install it on a USB.
# Going Further
If you want to learn more about Linux, we'd recommend:
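Review bot: the rewritten paragraph "Most Linux users will rarely need to use the CLI. If you're using Tails, you shouldn't need it at all." now contradicts the new sentence two lines below it, "Additionally, the CLI is needed for the more secure installation of both Tails and Qubes OS", whereas the removed wording carried the qualifier "although you will need the following commands for a more secure installation"; suggest keeping a qualifier, e.g. "you shouldn't need it at all, apart from the more secure installation described below". Also, this hunk deletes the entire "GPG Explanation" section (key-pair generation, importing tails-signing.key, the `--check-sigs` cross-check against the Debian developer's key, and the final `--verify` of the .img against its .sig) and replaces it with a link to /posts/tails-best/#appendix-3-gpg-explanation, but the commit message "miscellaneous feedback integration" does not say the section was moved; please state that in the message and confirm the anchor exists in the tails-best post, since otherwise readers lose the only explanation of why cross-checking the Tails key against an external signer matters if tails.net is compromised.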

Binary file not shown.
