Our distribution directories such as http://mirror.anl.gov/pub/ubuntu- iso/DVDs/ubuntu/12.04/release/ have SHA256SUMS and SHA256SUMS.gpg files that would be safer to use -- the SHA256SUMS file is gpg signed with a detached signature, and this does a significantly better job protecting the data you care about -- the hash of the ISO.
HTTPS is convenient, but someone in a position to perform a DNS poisoning attack and convince one of the many certificate authorities to issue a fraudulent certificate can bypass the HTTPS verifications easily. Thanks ** Package changed: ubuntu => ubuntu-docs (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1219589 Title: ubuntu-12.04.3-desktop-amd64.iso md5sum missing from https://help.ubuntu.com/community/UbuntuHashes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-docs/+bug/1219589/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
