On Wed, 2007-06-27 at 22:09 +1000, Amos Shapira wrote: > For the benefit of those who might not follow such news (e.g. Linux newbies > who take their first steps in downloading and installing such software), I > post this here as a warning - don't download just any copy of a Linux distro > unless it's coming from an official distro site and (or?) without verifying > the checksums with those provided on an official mirror site. > > http://www.funtechtalk.com/trojan-horse-loaded-version-of-ubuntu-704-spreading-over-torrent-sites/
This currently appears to be FUD. Note the complete lack of supporting documentation on the blog post. You should *always* verify the sha1sum of anything you download, and using the ubuntu mirror archive should be safe. If you are using a torrent, just check the sha1sum of the output iso against the sha1sum from the ubuntu network - which you should do anyhow :). -Rob -- GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
