>But then the hashsum check does not provide significantly more security
>than just downloading the file via https.

Hadmut, https doesn't mean the connection is secure, because we can't generally trust 
the server PKI, and that link used to be in http only since some months ago. A 
double check of the hash doesn't hurt.
I might consider removing it if I feel comfortable, but right now with all the 
sslstrip and ettercap plugins around, this might make security worse.

-- 
https://bugs.launchpad.net/bugs/1767402

Title:
  [SRU] hash mismatch or wrong accept-license key trying to install
  virtualbox-ext-pack 5.2.10
