You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I downloaded ziglang from: https://ziglang.org/download/ and went to verify the signature, but the documentation for doing so is missing. I'm not familar w/ minisign and I assume many people are not either, and requiring people to look up how to verify with minisign means most people won't verify the download. Putting the public key on the page is not enough.
I'd recommend you add instructions to download the file plus it's minisig file, and ru the command:
(or equivalent) to the download page to save people time from having to read the man page [very carefully], and fail at verifying the first time:
$ minisign -V -m zig-macos-aarch64-0.11.0-dev.2297+28d6dd75a.tar.xz
minisign.pub: No such file or directory
and the second time:
$ echo 'RWSGOq2NVecA2UPNdBUZykf1CCb147pkmdtYxgb3Ti+JO/wCYvhbAb/U' > minisign.pub
$ minisign -V -m zig-macos-aarch64-0.11.0-dev.2297+28d6dd75a.tar.xz
Error while loading the public key file
Also, I'd recommend using a program that isn't major version 0 for security, as per semver, major version 0 has zero compatibility guarantees, so there's no reason that 0.12 will be compatible w/ 0.11, and your page also doesn't list a required minisign version as well.
The text was updated successfully, but these errors were encountered:
I downloaded ziglang from: https://ziglang.org/download/ and went to verify the signature, but the documentation for doing so is missing. I'm not familar w/ minisign and I assume many people are not either, and requiring people to look up how to verify with minisign means most people won't verify the download. Putting the public key on the page is not enough.
I'd recommend you add instructions to download the file plus it's minisig file, and ru the command:
(or equivalent) to the download page to save people time from having to read the man page [very carefully], and fail at verifying the first time:
and the second time:
Also, I'd recommend using a program that isn't major version 0 for security, as per semver, major version 0 has zero compatibility guarantees, so there's no reason that 0.12 will be compatible w/ 0.11, and your page also doesn't list a required minisign version as well.
The text was updated successfully, but these errors were encountered: