Probably a good idea to have something on the site reminding users to verify the download. Especially something as important as the operating system.
On Mon, Sep 14, 2015 at 3:49 AM, Rajeev Bhatta <[email protected]> wrote: > Hi, what is the need for a publicly available iso to be secured... All > packages bundled are already publicly available... > > Md5 files makes sense as it is necessary for maintaining the validity of > the file download and not let users be tricked by a incorrect file being > passed as a correct one. > > I do agree with you that the instructions for validating the file should > be available with the download. > > Thanks > > On Sep 11, 2015 12:18 PM, Rune Schjellerup Philosof <[email protected]> > wrote: > > > > Hi > > > > I am puzzled by the absence of a secure method of downloading the ubuntu > > iso images. > > www.ubuntu.com is not served over https and neither is > releases.ubuntu.com. > > > > None of the mirrors are using https. > > > > Isn't this a major security flaw? > > > > I know that there are md5sum files and they are gpg signed as well. And > if > > you search for it you might find > > https://help.ubuntu.com/community/VerifyIsoHowto. > > But on www.ubuntu.com there are no instructions reminding you to verify > > the download. > > > > -- > > Ubuntu-devel-discuss mailing list > > [email protected] > > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss > -- > Ubuntu-devel-discuss mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss >
-- Ubuntu-devel-discuss mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
