2FA can also be useful for advanced users the have the capability to easily detect any phishing attempt. That is because even if the e-mail address used to sign-up for a (financial) service got hacked because of the e-mail service got hacked, attackers could still not login into the user’s accounts due to lack of 2FA.
Advanced users sometimes have the mindset “I know how to detect phishing therefore I am not in the target group of people who could benefit frrom 2FA” but then even their e-mail account could get hacked without their fault (malicious employee, database leak) and in this cases they’d be better off with 2FA protected logins for everything else. Then a simple password recovery request wouldn’t suffice to hack all of their logins.
Not sure that point was made on that page?
Not really. My best understanding of 2FA benefit is for web services. 2FA “strengthens any password” and makes a hacked e-mail address less painful.
Which might be more appropriate for the wiki. Should I ignore that git commit messages best practices part and try change my habits to use “descriptive mood” instead of “imperative mood”?
Maybe Notable Changes could be left out in release announcements by me.
To avoid duplication.
Notable Changes would then be auto generated in mediawiki markup instead of markdown makeup (forums). I could post them in the wiki instead. (Maybe with a comment if still in testing and not actually stable yet or wiki pending moderation as long as not in stable yet.)
Then there would be no need to copy/paste (and duplicate) them from forums to wiki. And fixes on top of my writeups would still be very much welcome.
Also if it seems useful… Feel free to edit my forum posts with the usual very much appreciated enhancements that are happening in the wiki all the time all over the place.
Other suggestions to simplify the changelog writing process?
To be honest, I hadn’t thought about it too much - I just preferred that phrasing. Happy to go either way.
It would be good if you can edit the stable release notes going forward, and just reference it in your forum post. Saves a lot of time. Then I’ll just do any finer edits later on.
A rule of thumb is to select Y or I for packages coming from {{project_name}}, and N for packages coming from other distributions. Otherwise settings affecting anonymity, privacy and security might be lost.
Users will inevitably come across this issue and won’t know whether to a) accept (Y or I), b) select N (possibly losing anonymity etc benefits in the process) or c) flip a coin.
If it doesn’t belong on that page, then where? Or are you saying this is no longer an issue?
A rule of thumb is to select Y or I for packages coming from {{project_name}}, and N for packages coming from other distributions.
No longer an issue.
This:
A rule of thumb is to select Y or I for packages coming from {{project_name}},
vs this:
and N for packages coming from other distributions.
Is no longer valid.
There is no more “coming from other distributions”. Since use of config-package-dev, Whonix can “steal” ownership if config files coming from “other distributions” (Debian “mostly” [except third party repo added by user]).
So recommended is I (install) in any case. Except the user has customized something the things get difficult. Then it’s up to user to merge this. One strategy would be to install and then re-add customization if still relevant. Or not do it and then check what Whonix changed and backport these if worth it (not worth it for trivial updates such as copyright year updates).
