[ubuntu-studio-devel] Antivirus, code / app content scanning.
Ralf Mardorf
ralf.mardorf at alice-dsl.net
Thu Oct 6 22:26:09 UTC 2016
On Thu, 6 Oct 2016 23:12:35 +0200, Set Hallstrom wrote:
>The best way to be sure you're copy is integer is to do a checksum of
>the downloaded ISO
>https://help.ubuntu.com/community/HowToSHA256SUM
It should be verified by a signed checksum. The above link mentions
this, too. However, there are several links explaining it, one of the
better links IMO is this one:
https://www.ubuntu.com/download/how-to-verify
The Ubuntu flavour Ubuntu Studio signed checksums are available at:
http://cdimage.ubuntu.com/ubuntustudio/releases/xenial/release/
>AFAIK, all the code is carefully reviewed by the Ubuntu community.
FWIW packages are signed, too and this is automatically checked when
installing a package.
However, this doesn't protect against vulnerabilities.
Ubuntu has got a CVE tracker
https://people.canonical.com/~ubuntu-security/cve/
as other distros have got, too, e.g.
https://wiki.archlinux.org/index.php/CVE
Arch has got a tool to check the CVE data related to official Arch
packages
https://aur.archlinux.org/packages/arch-audit
perhaps Ubuntu provides such a tool, too, at least there's a news page
https://www.ubuntu.com/usn/
Regards,
Ralf
More information about the ubuntu-studio-devel
mailing list