That part is easy because it could be an open script with probably less than 10 lines of code.
On Tue, Sep 15, 2015 at 12:23 PM, J Fernyhough <j.fernyho...@gmail.com> wrote:
> And how would you know the Ubuntu-branded downloader is secure?
>
> I think you're over-complicating things here. Anyone interested in
> verifying a download is correct can verify the posted SHAsum, and anyone
> really concerned could install from a netboot (mini.iso), check its seed
> file, and download all packages from a known repo.
>
> If you are concerned about an installer download becoming compromised
> during transport then you should also be concerned about the apt transport
> used - I'm assuming you set your deb sources to https? If not, then a
> 'secure' installer image is moot.
>
> J
>
> On 15 September 2015 at 20:10, Ryein Goddard <ryein.godd...@gmail.com>
> wrote:
>
>> You could add multiple sources that store an encrypted checksum and then
>> reference that with an Ubuntu branded downloader. That program would be
>> pretty easy to make and it would abstract away all requirements for
>> anything time consuming from the user.
>>
>> On Tue, Sep 15, 2015 at 3:53 AM, Ralf Mardorf <ralf.mard...@alice-dsl.net> wrote:
>>
>>> On Mon, 14 Sep 2015 15:07:02 -0700, Ryein Goddard wrote:
>>> >On Mon, Sep 14, 2015 at 10:32 AM, Ralf Mardorf wrote:
>>> >> On Mon, 14 Sep 2015 16:19:36 +0000 (UTC), rajeev bhatta wrote:
>>> >> >It is not time consuming.. just for the user experience..
>>> >>
>>> >> IMHO for average users it is time consuming. Even a power user does
>>> >> not necessarily deal with the right people to get a key she or he can
>>> >> trust, that can be used to verify ownership of the particular
>>> >> public Ubuntu key.
>>> >>
>>> >> I am a Linux power user and I don't own a key to verify the
>>> >> particular public key, that belongs to the key, that was used to
>>> >> sign the Ubuntu images.
>>> >>
>>> >> Please let me know, how I can get such a key, without spending much
>>> >> time ;).
>>> >
>>> >If a current method doesn't exist then maybe we can just create one?
>>>
>>> How will you make it less time consuming?
>>>
>>> You need to meet other people in the real world, in addition you
>>> need to know and trust those people and in addition they need to trust a
>>> chain of trusted keys, that confirms ownership of the public Ubuntu key
>>> in question. https://en.wikipedia.org/wiki/Web_of_trust
>>>
>>> This already is hard to realise for hardcore computer geeks and
>>> completely illusory for those whose centre of life isn't the
>>> operating system of their computers or digital security.
>>>
>>> --
>>> Ubuntu-devel-discuss mailing list
>>> Ubuntu-devel-discuss@lists.ubuntu.com
>>> Modify settings or unsubscribe at:
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
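The multi-source checksum comparison discussed in this thread, as an added example that is not part of the original messages or of any Ubuntu tool. It assumes each source publishes a plain `SHA256SUMS`-style list; the function names, the file name `sample.iso` and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def parse_sums(text):
    """Parse SHA256SUMS-style text ('<hex> *<name>' or '<hex>  <name>') into {name: hex}."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        digest = parts[0].lower()
        name = parts[1][1:] if parts[1].startswith("*") else parts[1]
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            entries[name] = digest
    return entries


def file_sha256(path, chunk=1 << 20):
    """Hash the file in chunks so a multi-gigabyte image is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(path, name, sources):
    """Return (ok, reason). Every source must list `name` and all must agree."""
    listed = [parse_sums(s).get(name) for s in sources]
    if not listed or None in listed:
        return False, "a source does not list this file"
    if len(set(listed)) != 1:
        return False, "sources disagree on the expected digest"
    if not hmac.compare_digest(file_sha256(path), listed[0]):
        return False, "file digest does not match"
    return True, "ok"


if __name__ == "__main__":
    data = b"constructed stand-in for an installer image\n"  # constructed sample
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
    good = hashlib.sha256(data).hexdigest()
    print(verify(tmp.name, "sample.iso", [f"{good} *sample.iso", f"{good}  sample.iso"]))
    print(verify(tmp.name, "sample.iso", [f"{good} *sample.iso", "0" * 64 + " *sample.iso"]))
    os.unlink(tmp.name)
```

This checks the file against the lists only; whether the lists themselves can be trusted is the key-verification question raised earlier in the thread.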