Securely downloading Ubuntu
chris at chris-lamb.co.uk
Tue Jan 22 19:32:32 GMT 2008
Is it actually possible to securely download Ubuntu?
A typical mirror contains an MD5SUMS and an associated MD5SUMS.gpg .
However, the MD5 digest algorithm is utterly broken and the key is signed
by just a handful of people anyway, only two of which I (visually)
recognise as having anything to do with the Ubuntu project.
If the MD5SUMS files are purely for validating downloads, could the
completely useless/misleading GPG files be dropped?
Chris Lamb, UK chris at chris-lamb.co.uk
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20080122/8b6a6c7f/attachment-0001.pgp
More information about the ubuntu-devel