Security BUG - UbuntuHashes doesn't contains SHA256!! WHY?
lancebaynes87
lancebaynes87 at zoho.com
Thu Jun 2 21:44:55 UTC 2011
:D it's a 5 minute fix, and it's still not implemented.
http://i.imgur.com/XhJhc.jpg
/was/:
https://help.ubuntu.com/community/UbuntuHashes -> it's not having at least SHA256, insted they use the insecure MD5..
To verify the downloaded iso file Ubuntu would just need SHA256 hashes over HTTPS. but nooooo, they wont do it...
---- On Tue, 31 May 2011 00:06:49 -0700 lancebaynes87 <lancebaynes87 at zoho.com> wrote ----
ok, sry, the problem is, that it could be simply fixed and it would took only ~5 minutes for 1 person. but they don't give a sh*t
---- On Mon, 30 May 2011 23:38:46 -0700 Alan Pope <alan at popey.com> wrote ----
Hi,
On 31 May 2011, at 06:48, lancebaynes87 <lancebaynes87 at zoho.com> wrote:
> Great.. so there's
>
> ***___NO WAY___***
>
> that I (a regular little user) could securely check that the downloaded Ubuntu installer ISO is really the ISO provided by Ubuntu.
>
Please tone down the attitude on this list. Whilst you may have found a bug, shouting at us in all caps won't help or fix it. Given you have a bug report open I would keep the discussion there.
Al.
--
ubuntu-users mailing list
ubuntu-users at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20110602/d8ae3e6e/attachment.html>
More information about the ubuntu-users
mailing list