Users keep getting confused because their output doesn't match the
examples, even though the text already says, "This is just an example,
so the output you receive may not look exactly the same."
Recent examples of this:
- https://www.reddit.com/r/Qubes/comments/1f2b221/
- https://forum.qubes-os.org/t/29384
Specifically, users seem to get confused because their RSK has a
different date and key ID than the one in the example (which makes
sense, because RSKs change with each release), so replacing these
specific values with variables may avert some confusion.
- use active voice where applicable
- add articles
- add `shell_session` to code fences to match document style
- reword phrases to increase readability & reduce verbiage
- Standardize syntax, formatting, and orthography
- Update links
- Clarify and improve language
- Deduplicate content
- Add info regarding keys not directly signed by the QMSK
(https://github.com/QubesOS/qubes-doc/pull/1180#discussion_r672939404)
- Add general info about digital signature use
- Improve page organization (#1179)
- Update info and instructions regarding the QMSK
- Miscelanneous fixes and improvements
...with a trusted signature! There is no indication that the signature
belongs to the owner."
With this edit, I'm aiming to assist the beginner reader who walked the
following breadcrumbs:
Should I trust this website?
==> verify the PGP signatures on the commits and/or tags
Detailed steps suggested by the docs along these breadcrumbs:
1) `git clone git@github.com:QubesOS/qubesos.github.io.git`
2) Verify the PGP sigs on the commits and/or tags
a) get properly validated GPG keys (available in the Qubes Security Pack)
i. `git clone https://github.com/QubesOS/qubes-secpack.git`
ii. `gpg --import qubes-secpack/keys/*/*`
iii. Verify/trust the QMSK (details given on the page)
b) `cd qubesos.github.io`
c) `git verify-commit 45ca80e8` (one of Andrew's recent commits)
RESULT: The WARNING pops up, because the user has not yet ultimately PGP
trusted Andrew's E11D 15C6 D204 3576 9FFA A456 8CE1 3735 2A01 9A17
key.
...in the "How to Verify Qubes Repos" section, since you must have
properly validated keys before being able to perform a successful
`git verify-tag` or `git verify-commit`.
Those are redundant, and yaml parser strips them in fact. By removing
them, loading and saving yaml file without any change indeed produce the
same output. This is useful for prepare_for_translation.py script (which
adds lang and ref tags) - to produce only change that indeed was made.