Re: Getting ubuntu iso securely

Ah, sorry - I got lost in the nested quotation (it's what happens when there's inconsistent top/bottom posting combined with Gmail). So essentially the thread can be summed up with: the Ubuntu download "thank you" page [1] needs instructions on how to verify the image has downloaded correctly. Th

Re: Getting ubuntu iso securely

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rune Schjellerup Philosof wrote on 11/09/15 07:48: > > I am puzzled by the absence of a secure method of downloading the > ubuntu iso images. www.ubuntu.com is not served over https and > neither is releases.ubuntu.com. I reported this as a bug in

Re: Getting ubuntu iso securely

Even an Windows user could use the checksums as described by https://help.ubuntu.com/community/VerifyIsoHowto using any Linux live media. A chicken-and-egg problem will stay, as long as the user doesn't own trusted keys to verify ownership of the Ubuntu key, that was used to sign the image's check

Re: Getting ubuntu iso securely

On Wed, Sep 16, 2015 at 12:18:02PM +0100, Matthew Paul Thomas wrote: > This is a hard problem, because the mirrors are provided by > volunteers. Requiring them to use > HTTPS would be an extra burden. [...] > Even if you did see and understand, you're probably on