On Wed, Sep 16, 2015 at 12:18:02PM +0100, Matthew Paul Thomas wrote: > This is a hard problem, because the mirrors are provided by > volunteers. <https://wiki.ubuntu.com/Mirrors> Requiring them to use > HTTPS would be an extra burden.
[...] > Even if you did see and understand, you're probably on Windows, and if > you are, checking an md5sum requires downloading extra software. > > Regardless of platform, the software usually runs on the command line, > which is off-putting. > > Some graphical md5sum utilities are available, but most of them seem > to be downloadable only over HTTP, defeating the point. (If you're > willing+able to fake an Ubuntu download, you're willing+able to fake > an md5sum checker download too.) > > Even if you find and learn the necessary software, then (as Ralf > Maldorf pointed out) the process is bizarrely complicated. I wonder if BitTorrent can help us here. BitTorrent downloaders are available and presumably not that difficult to use (graphical, etc) on Windows too. They will check the checksum automatically. If the .torrent file we ship is on HTTPS, that's much easier to do bandwidth-wise. It'd be effectively what you said and it already exists. It's a downloader, hopefully available from HTTPS somewhere, that checksums. Downsides: probably doesn't work with proxies well because of the nature of the BitTorrent protocol (though it probably works fine with average home users' NAT routers, since clients generally speak uPnP, NAT-PMP etc). Still convoluted for users to download and use, further complicated because it's a general tool and the UX will present that rather than an Ubuntu ISO downloader which could be confusing. And, like you said, it needs to be the primary thing since we need to benefit users who don't know how to verify manually and will follow the defaults. The remaining convoluted-ness may thus make this unsuitable. But it is basically a "downloader" that's already there and readily available on Windows, so I thought I'd point this out. All that is needed is to make the .torrent file available over HTTPS.
signature.asc
Description: Digital signature
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
