[ubuntu-studio-devel] Antivirus, code / app content scanning.

Ralf Mardorf ralf.mardorf at alice-dsl.net
Thu Oct 6 22:26:09 UTC 2016


On Thu, 6 Oct 2016 23:12:35 +0200, Set Hallstrom wrote:
>The best way to be sure you're copy is integer is to do a checksum of
>the downloaded ISO
>https://help.ubuntu.com/community/HowToSHA256SUM

It should be verified by a signed checksum. The above link mentions
this, too. However, there are several links explaining it, one of the
better links IMO is this one:

https://www.ubuntu.com/download/how-to-verify

The Ubuntu flavour Ubuntu Studio signed checksums are available at:

http://cdimage.ubuntu.com/ubuntustudio/releases/xenial/release/

>AFAIK, all the code is carefully reviewed by the Ubuntu community.

FWIW packages are signed, too and this is automatically checked when
installing a package.

However, this doesn't protect against vulnerabilities.

Ubuntu has got a CVE tracker

https://people.canonical.com/~ubuntu-security/cve/

as other distros have got, too, e.g.

https://wiki.archlinux.org/index.php/CVE

Arch has got a tool to check the CVE data related to official Arch
packages

https://aur.archlinux.org/packages/arch-audit

perhaps Ubuntu provides such a tool, too, at least there's a news page

https://www.ubuntu.com/usn/

Regards,
Ralf



More information about the ubuntu-studio-devel mailing list