On Mon, 14 Sep 2015 08:39:00 -0700, Ryein Goddard wrote: >Probably a good idea to have something on the site reminding users to >verify the download. Especially something as important as the >operating system.
Several times I put this issue in on *buntu mailing lists. Even if the download buttons would link to the download site with the signed checksums, instead of just downloading the image, while automatically https://help.ubuntu.com/community/VerifyIsoHowto would pop up too, then how do you expect that averaged users should get a key they trust, that can be used to verify ownership of a key that claims to be owned by Ubuntu? It's a well-meant idea, but Rune Schjellerup Philosof, Rajeev Bhatta and Ryein Goddard please be honest, how time consuming was it for you to get a key you trust, that can be used to verify ownership of the public Ubuntu key? Do you expect that an averaged user who automatically needs to get signed checksums provided by pushing a button, instead of visiting the download site on her/his own, would like to go through the hassle that comes with the web of trust? Regards, Ralf -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
