Add explanation to why verification should not be skipped

This commit is contained in:
Alex Anderson 2022-05-11 02:03:39 +00:00 committed by thanharrison
parent e394da27d6
commit 07b34eb27c
No known key found for this signature in database
GPG Key ID: 846CD202D87BD620

View File

@ -4934,7 +4934,7 @@ We will follow the instructions from their own guide <https://www.qubes-os.org/d
- If you want to use Tor over VPN or cannot use any of those, leave it unchecked. - If you want to use Tor over VPN or cannot use any of those, leave it unchecked.
- Be absolutely sure that you are verifying the signature of the ISO, which you can find on this page: <https://www.qubes-os.org/security/verifying-signatures/> <sup>[[Archive.org]][1367]</sup>. Check by obtaining the fingerprint from multiple independent sources in several different ways as recommended. This is to ensure the image has not been tampered with. Do not skip this vital step even though we know we are getting the ISO from a trusted source. - Be absolutely sure that you are verifying the signature of the ISO, which you can find on this page: <https://www.qubes-os.org/security/verifying-signatures/> <sup>[[Archive.org]][1367]</sup>. Check by obtaining the fingerprint from multiple independent sources in several different ways as recommended. This is to ensure the image has not been tampered with. Do not skip this vital step even though we know we are getting the ISO from a trusted source, because it's possible for the Qubes website to be compromised.
- If you cannot use Tor at all, there is also no point in installing Whonix. So, you should disable Whonix installation within the Software Selection Menu. - If you cannot use Tor at all, there is also no point in installing Whonix. So, you should disable Whonix installation within the Software Selection Menu.