I just noticed the open task for ubuntu-system-settings about doing a addtional hashsum check for the download. Fwiw, click is already doing a gpg verification before the install so corrupted/MITMed clicks will not get installed there. Having the hash check may still be a good idea for e.g. better error reporting.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1330770 Title: click packages rely upon tls for integrity and authenticity To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1330770/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
