Security BUG - UbuntuHashes doesn't contains SHA256!! WHY?
KD
kdall99 at hotmail.com
Tue May 31 08:39:05 UTC 2011
lancebaynes87 <lancebaynes87 <at> zoho.com> writes:
> Great.. so there's
>
> ***___NO WAY___***
>
> that I (a regular little user) could securely check that the downloaded Ubuntu
> installer ISO is really the ISO provided by Ubuntu.
And what would a SHA256 hash help you with that?
Exactly, nothing.
> p.s.: and NO...GPG is not the solution... why? because:
> https://encrypted.google.com/search?btnG=g&hl=en&num=50&source=hp&
> =HTTP+Keyserver+Protocol&meta=
> IT'S NOT USING HTTPS!! (when importing GPG key) so security = 0
OK, this proves beyond any doubt that you don't understand the stuff you're
talking about.
> THE SOLUTION WOULD ONLY TOOK 5 MINUTES!! WHY DOESN'T THEY FIX IT?? WHY??
>
> IT'S A BIG SECURITY HOLE, AND THERE'S NO EXPLANATION WHY DON'T THEY UPDATE THE
/UbuntuHashes site
Instead of yelling, shouting, foot stomping and talking nonsense you should
occupy yourself with trying to get a basic understanding of how hashing and
public key encryption work and what those techniques can be used for.
More information about the ubuntu-users
mailing list