Download page @Ubuntu.com

Matthew Nuzum matthew.nuzum at canonical.com
Wed Dec 20 03:38:36 UTC 2006


On Tue, 2006-12-19 at 22:26 -0500, Matthew Flaschen wrote:
> Matthew Nuzum wrote:
> > Windows Installer has this capability built in, so that
> > when you install a file it can detect if its damaged and abort early on.
> > I doubt we can get so lucky in the near future. Maybe if we distributed
> > the iso's zipped with a little md5 checker utility for Windows included
> > in the zip file. It could be a statically compiled utility that grabs
> > the md5 from the website, checks the gpg signature and then does an md5
> > of the iso contained in the zipfile.
> 
> That doesn't provide any security.  People need to get the MD5 directly
> from Ubuntu's secured site.  If they get both the MD5 and iso from a
> mirror, tampering can't be detected.

Yes, note I said that the utility grabbed the md5 from the website. I
envisioned that it would make an HTTPS request to download the md5.
Either way, this is pure fantasy at the moment.
-- 
Matthew Nuzum
newz2000 on freenode





More information about the ubuntu-doc mailing list