General rework #17
General rework #17
Conversation
Info not specific to bullet point
Will age badly
Implementation should either meet or fail to meet Glacier Protocol
Moved to section description
Point wrt failure of alternatives is unsuitable for technical document
Protocol should not vouch for security of 3rd party site
Entire document is author's recommendation, no need to specify here
"vs." sections are an assessment of alternative rather than comparisons
Moved up to parent section
"constant attack" made two separate points
Subscription link replaced, MtGox/Bitfinex users will be/were reimbursed
Risky to vouch for third party software
Points covered in section intro
Sections are not numbered
Explain encoding is base58 WIF once footnotes are available
| Technical details: Glacier's GPG keys are handled with good security practices. They were generated while booting off an Ubuntu Live USB on a factory-new laptop with the wireless card removed, and transferred via USB to a MacBook. The private key is not stored in the cloud. The public key is hosted separately from our software distributions, on Keybase, secured with separate credentials (all of which are in password managers). | ||
| ">protocol document</a>. | ||
|
|
||
| 5. Obtain the Glacier PGP public key, used to cryptographically verify the protocol document. |
There was a problem hiding this comment.
Previous step is # 5, shouldn't this be 6?
| **If you are ever using Glacier in the future and notice that this step has | ||
| changed (or that this warning has been removed), there is a security risk.** | ||
| Stop and | ||
| <a href="#" class="popovers" data-toggle="popover" data-placement="top" title="" |
There was a problem hiding this comment.
Good catch; these popovers are invisible in the current PDF, which is obviously unacceptable.
_docs/setup/verify.md
Outdated
| environment. Working from a hardcopy ensures there is always a verified copy of | ||
| the document available. | ||
|
|
||
| ### On the "SETUP 1" computer |
There was a problem hiding this comment.
Has the "SETUP 1" computer been introduced by this point? Has the doc made clear that it must have Internet access and software install privileges?
| Technical details: Glacier's GPG keys are handled with good security practices. They were generated while booting off an Ubuntu Live USB on a factory-new laptop with the wireless card removed, and transferred via USB to a MacBook. The private key is not stored in the cloud. The public key is hosted separately from our software distributions, on Keybase, secured with separate credentials (all of which are in password managers). | ||
| ">protocol document</a>. | ||
|
|
||
| 5. Obtain the Glacier PGP public key, used to cryptographically verify the protocol document. |
There was a problem hiding this comment.
Confusing mix of PGP and GPG used here. Have these terms been introduced?
_docs/setup/verify.md
Outdated
| @@ -80,8 +80,7 @@ protocol. | |||
|
|
|||
| 1. **Windows**: Press Windows-R, type "powershell" and click OK. | |||
| 2. **MacOS**: Click the Searchlight (magnifying glass) icon in the menu bar, and | |||
| type a terminal window. "terminal". Select the Terminal application from the | |||
| search results. | |||
| type "terminal". Select the Terminal application from the search results. | |||
There was a problem hiding this comment.
Ugh. This was correct in v0.91 doc. Another sloppy mistake made during the conversion to markdown.
| For technical background about this process, see | ||
| https://en.wikipedia.org/wiki/Digital_signature. | ||
| ">downloaded document</a>. | ||
| 9. Verify the integrity of the downloaded document. For technical background about |
There was a problem hiding this comment.
Again I'm unsure about this, but shouldn't this bullet be # 11 not # 9?
| is in a different place, you will need to customize this command. | ||
| 8. Change the terminal's current working folder to the download folder. The | ||
| commands below are based on default settings; if the defaults have been altered, | ||
| these commands will need customized to match. |
There was a problem hiding this comment.
"will need to be customized"
|
@GraniteKeep this has gone way beyond a "Minor restructure in layout and sentence structure" to include substantial changes to the document. Glacier was developed with careful review and as of v0.91 many people had read and executed the protocol successfully. This level of change will require equally thorough review. I don't expect the current maintainers will be open to such a review. I do think your changes are mostly positive and moving in the right direction. I don't want to discourage you except to say that a proper and thorough review will take a long time and must include someone going through the final PDF step by step executing the protocol as if for the first time. I am planning such a review myself, once the PDF reaches a good state again after #13. (Currently IMO the PDF is in an unacceptably bad state not even worthy of thorough review.) I would encourage you to submit a few small PRs for the more serious issues you have identified and cleaned up (like the official Ubuntu SHA link). Those can be merged quickly. I have done a cursory review (looking only at diffs in Github, not the formatted doc) through 027bfd2 and might continue beyond that soon. |
|
Thanks for the heads-up, @bitcoinhodler. @jacoblyles, @diogomonica, @jhogan4288, am I doing work that isn't required? Although I've been very careful not to alter the process, I've been going through the protocol document looking for inconsistencies in formatting, wording, etc; fleshing out certain explanations, trying to simplify some of the more complex statements (in terms of wording), introducing sub-headings in the large numbered lists for readability, correcting section references, and weeding out dead links. I've tried to be quite granular in my commits, with comments as descriptive as the character limit allows. This has resulted in a large number of changes, but the rendered document/website should be cleaner and a bit easier to read. |
|
Hi @GraniteKeep -- I'm no longer involved in maintenance of Glacier, so will defer to the others. But thank you on behalf of the community for your efforts! |
|
Ok, I'll have to assume there is no appetite for this kind of update just now. There'll be a lot of work to get the presentation/readability up to the quality of, say, CCSS (the institutional equivalent to Glacier) so I'll leave what I've done if anyone wants a headstart at a later date. Thanks to @bitcoinhodler for the review work done. If you continue any further, the value of the presentation changes are a lot easier to see looking at the rendered PDF/webpages side-by-side. |
|
It's a shame, but the official maintainers are AWOL, and have been since they took over from the original developers. We are looking for new public maintainers. |
|
@GraniteKeep thanks for the rework. There is definitely appetite for improvements, just not a lot of time for review. We added a few folks from Casa, but they haven't started contributing. We're also looking for other public maintainers. |
|
@GraniteKeep Please rebase to resolve the conflicts and I'll review |
Minor restructure in layout and sentence structure