Getting ubuntu iso securely

Rajeev Bhatta techie.rajeev at yahoo.in
Mon Sep 14 10:49:14 UTC 2015


Hi, what is the need for a publicly available iso to be secured... All packages bundled are already publicly available...

Md5 files makes sense as it is necessary for maintaining the validity of the file download and not let users be tricked by a incorrect file being passed as a correct one.

I do agree with you that the instructions for validating the file should be available with the download.

Thanks

On Sep 11, 2015 12:18 PM, Rune Schjellerup Philosof <rune at philosof.dk> wrote:
>
> Hi 
>
> I am puzzled by the absence of a secure method of downloading the ubuntu 
> iso images. 
> www.ubuntu.com is not served over https and neither is releases.ubuntu.com. 
>
> None of the mirrors are using https. 
>
> Isn't this a major security flaw? 
>
> I know that there are md5sum files and they are gpg signed as well. And if 
> you search for it you might find 
> https://help.ubuntu.com/community/VerifyIsoHowto. 
> But on www.ubuntu.com there are no instructions reminding you to verify 
> the download. 
>
> -- 
> Ubuntu-devel-discuss mailing list 
> Ubuntu-devel-discuss at lists.ubuntu.com 
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss 


More information about the Ubuntu-devel-discuss mailing list