Hey Steve, > I don't know what you mean by "verified" here. Neither Canonical nor the > Ubuntu project offer any guarantees of the legitimacy of such third-party > CDs.
I wouldn't expect that of them. I meant GPG key verification in general. Thanks for clarifying. On other distros that documentation is alongside the download and I just missed it. I'll research more thoroughly in the future. For anyone else: https://help.ubuntu.com/community/HowToMD5SUM vs. https://help.ubuntu.com/community/VerifyIsoHowto Best, P.S. On 09/25/2012 09:45 PM, Steve Langasek wrote: > On Fri, Sep 14, 2012 at 04:10:24PM +0000, Paul Smith wrote: >> It may behoove us to be concerned over being able to download and verify >> the entirety of the packages that are not included in the mini ISO and >> provide the ability to perform a command line install on one cd. I know >> that we do not currently offer the ability to order a hard copy of the >> alternate cd. However, there are other online vendors who do, which means >> at present there is an existing way to order a *verified* *hard copy* via >> mail. > > I don't know what you mean by "verified" here. Neither Canonical nor the > Ubuntu project offer any guarantees of the legitimacy of such third-party > CDs. > >> Are we considering the difference between debsums on an installed system >> vs. md5sum of a disc? Also, where would I re-emphasize that we currently >> have no gpg verification for any of our images despite it's adoption by our >> competitors? > > All Ubuntu images are accompanied on the download mirrors by GPG-signed > checksum files. > > http://releases.ubuntu.com/12.04/SHA256SUMS > http://releases.ubuntu.com/12.04/SHA256SUMS.gpg
-- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
