On Fri, Sep 14, 2012 at 04:10:24PM +0000, Paul Smith wrote: > It may behoove us to be concerned over being able to download and verify > the entirety of the packages that are not included in the mini ISO and > provide the ability to perform a command line install on one cd. I know > that we do not currently offer the ability to order a hard copy of the > alternate cd. However, there are other online vendors who do, which means > at present there is an existing way to order a *verified* *hard copy* via > mail.
I don't know what you mean by "verified" here. Neither Canonical nor the Ubuntu project offer any guarantees of the legitimacy of such third-party CDs. > Are we considering the difference between debsums on an installed system > vs. md5sum of a disc? Also, where would I re-emphasize that we currently > have no gpg verification for any of our images despite it's adoption by our > competitors? All Ubuntu images are accompanied on the download mirrors by GPG-signed checksum files. http://releases.ubuntu.com/12.04/SHA256SUMS http://releases.ubuntu.com/12.04/SHA256SUMS.gpg -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [email protected] [email protected]
signature.asc
Description: Digital signature
-- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
