Hi, what is the need for a publicly available iso to be secured... All packages 
bundled are already publicly available...

MD5 files make sense as they are necessary for maintaining the validity of the 
file download and not let users be tricked by an incorrect file being passed as 
a correct one.

I do agree with you that the instructions for validating the file should be 
available with the download.

Thanks

On Sep 11, 2015 12:18 PM, Rune Schjellerup Philosof <r...@philosof.dk> wrote:
>
> Hi 
>
> I am puzzled by the absence of a secure method of downloading the ubuntu 
> iso images. 
> www.ubuntu.com is not served over https and neither is releases.ubuntu.com. 
>
> None of the mirrors are using https. 
>
> Isn't this a major security flaw? 
>
> I know that there are md5sum files and they are gpg signed as well. And if 
> you search for it you might find 
> https://help.ubuntu.com/community/VerifyIsoHowto. 
> But on www.ubuntu.com there are no instructions reminding you to verify 
> the download. 
>
> -- 
> Ubuntu-devel-discuss mailing list 
> Ubuntu-devel-discuss@lists.ubuntu.com 
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss 