>Also md5 isn't as reliable as gpg, from what I've read.
The download page provides an md5sum and an ASCII-armoured GPG signature.
MD5 is fine for verifying that the download did not corrupt along the way.
MD5 is vulnerable to certain attacks that makes it unsuitable for storing
passwords.
Then you verify GPG signatures to make sure that the file you received is
from who you think it is.
Although certainly I would agree there should be SHA512 sums, it isn't really
an issue for this scenario if used along cryptographic signatures unless the
private keys got compromised in some way.
Looking at that forum there is no option (as far as I can tell) in the
network installer to install on a disk other than /dev/sda. The forum has
exactly my problem so obviously this was something the Ubuntu developers
introduced when they modified the Debian text installer to make it more 'user
friendly'!