#377: Users with disabled javascript should get a link to verification hash near
the download link on getfedora.org
-----------------------+-------------------------------
Reporter: jenslody | Owner: webmaster
Type: defect | Status: new
Priority: major | Milestone: ASAP
Component: General | Keywords: verification hash
Blocked By: | Blocking:
-----------------------+-------------------------------
If users have disabled javascript they can directly download the
installation images, without getting a link to the verification-site.
See the discussion here:
https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/thread/DAVQV72GEODAGDPIA6O3CM6RBQK7VDQ4/
Besides the discussion what happens, if the server get hacked and how to
secure the hashes, it should not be less insecure, if the users have
turned off javascript (mostly for security reasons), sd with javascript
turned on.
A probable (and cheap) change would be to add a link on the download-
pages.
I add a patch that needs to be verified, I'm not sure about the styles and
what happens, if javascript is enabled.
I don't know a way to test it without setting up a complete webserver.
I only tested injection into the html-code for the workstation-image
inside firefox and it seems to work.
--
Ticket URL: <https://fedorahosted.org/fedora-websites/ticket/377>
fedora-websites <https://fedoraproject.org/wiki/Websites>
Fedora Website Team's Trac instance
--
websites mailing list
websites@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/websites@xxxxxxxxxxxxxxxxxxxxxxx
