Wrote a paragraph or two about verifying the QubesOS ISO signature and wrote a disclaimer that Qubes does not automatically verify external downloads not coming from its own repositories.
A few content changes, read over them to see if you like them:
* A few sentences were reworded so that end users could understand them better, without sacrificing detail.
* Sometimes more detail was added to give context to sentences or to make them more accurate.
* New sentences were added to help transitions in thought.
* New sentences were added to provide reasoning to earlier instructions so that the reader knew why they were important.
None of these content changes were particularly extensive or clashed with the original paper but they do change the meaning a bit, so I thought it important to document them.
Other changes:
* Subject-verb agreement
* Corrected some parentheses placements
* Misc. Grammar Fixes
* Inserted forgotten commas and periods
* Word variation
* Rework on some sentences that had really roundabout ways of saying things
In addition to my PR being a big edit, it is also on an important document. I have looked over my changes well and I know you will too. Reply if anything needs fixing/changing in the PR.
I have more changes that I want to add, but I figured I had edited the document enough already and if I added anythign else or made more extensive modifications it might be hard to tell what exactly I did.
* Replace "QSP" with "qubes-secpack"
(We should only have one official short name for it.)
* Note that the repo itself is independent of the host
(currently GitHub)
* Minor text cleanup
Per this discussion, https://forums.whonix.org/t/fixing-whonix-boot-issue-after-securing-qubes-root-auth/3155/8
Whonix executes sudo commands in non-root startup scripts which causes pop-up auth prompts to appear while Whonix VMs are starting. The problem is partly due to sudo parsing sudoers.d entries in alphabetical order, and some later configs cause earlier ones to get overridden. Adding the right permissions to a lexically 'last' filename resolves the issue.
* Add instructions for verifying Git tags
* Explain rationale for providing two methods of verification
* Update warrant canary link (Canary Watch has shut down)
* State that the QSP now contains Bitcoin fund info
* Fix "ó" in Marek's name
* Remove full CLI prompt (for uniformity with rest of site)
* Remove instructions for reading text files (unnecessary)
* Reorder list of QSP contents (move PGP keys to top, since
verification of everything else depends on them)
