Probably a good idea to have something on the site reminding users to verify the download. Especially something as important as the operating system.
On Mon, Sep 14, 2015 at 3:49 AM, Rajeev Bhatta <techie.raj...@yahoo.in> wrote: > Hi, what is the need for a publicly available iso to be secured... All > packages bundled are already publicly available... > > Md5 files makes sense as it is necessary for maintaining the validity of > the file download and not let users be tricked by a incorrect file being > passed as a correct one. > > I do agree with you that the instructions for validating the file should > be available with the download. > > Thanks > > On Sep 11, 2015 12:18 PM, Rune Schjellerup Philosof <r...@philosof.dk> > wrote: > > > > Hi > > > > I am puzzled by the absence of a secure method of downloading the ubuntu > > iso images. > > www.ubuntu.com is not served over https and neither is > releases.ubuntu.com. > > > > None of the mirrors are using https. > > > > Isn't this a major security flaw? > > > > I know that there are md5sum files and they are gpg signed as well. And > if > > you search for it you might find > > https://help.ubuntu.com/community/VerifyIsoHowto. > > But on www.ubuntu.com there are no instructions reminding you to verify > > the download. > > > > -- > > Ubuntu-devel-discuss mailing list > > Ubuntu-devel-discuss@lists.ubuntu.com > > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss >
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
