Getting ubuntu iso securely
Ryein Goddard
ryein.goddard at gmail.com
Mon Sep 14 15:39:00 UTC 2015
Probably a good idea to have something on the site reminding users to
verify the download. Especially something as important as the operating
system.
On Mon, Sep 14, 2015 at 3:49 AM, Rajeev Bhatta <techie.rajeev at yahoo.in>
wrote:
> Hi, what is the need for a publicly available iso to be secured... All
> packages bundled are already publicly available...
>
> Md5 files makes sense as it is necessary for maintaining the validity of
> the file download and not let users be tricked by a incorrect file being
> passed as a correct one.
>
> I do agree with you that the instructions for validating the file should
> be available with the download.
>
> Thanks
>
> On Sep 11, 2015 12:18 PM, Rune Schjellerup Philosof <rune at philosof.dk>
> wrote:
> >
> > Hi
> >
> > I am puzzled by the absence of a secure method of downloading the ubuntu
> > iso images.
> > www.ubuntu.com is not served over https and neither is
> releases.ubuntu.com.
> >
> > None of the mirrors are using https.
> >
> > Isn't this a major security flaw?
> >
> > I know that there are md5sum files and they are gpg signed as well. And
> if
> > you search for it you might find
> > https://help.ubuntu.com/community/VerifyIsoHowto.
> > But on www.ubuntu.com there are no instructions reminding you to verify
> > the download.
> >
> > --
> > Ubuntu-devel-discuss mailing list
> > Ubuntu-devel-discuss at lists.ubuntu.com
> > Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20150914/7d00b979/attachment.html>
More information about the Ubuntu-devel-discuss
mailing list