On Thu, 6 Oct 2016 23:12:35 +0200, Set Hallstrom wrote: >The best way to be sure you're copy is integer is to do a checksum of >the downloaded ISO >https://help.ubuntu.com/community/HowToSHA256SUM
It should be verified by a signed checksum. The above link mentions this, too. However, there are several links explaining it, one of the better links IMO is this one: https://www.ubuntu.com/download/how-to-verify The Ubuntu flavour Ubuntu Studio signed checksums are available at: http://cdimage.ubuntu.com/ubuntustudio/releases/xenial/release/ >AFAIK, all the code is carefully reviewed by the Ubuntu community. FWIW packages are signed, too and this is automatically checked when installing a package. However, this doesn't protect against vulnerabilities. Ubuntu has got a CVE tracker https://people.canonical.com/~ubuntu-security/cve/ as other distros have got, too, e.g. https://wiki.archlinux.org/index.php/CVE Arch has got a tool to check the CVE data related to official Arch packages https://aur.archlinux.org/packages/arch-audit perhaps Ubuntu provides such a tool, too, at least there's a news page https://www.ubuntu.com/usn/ Regards, Ralf -- ubuntu-studio-devel mailing list ubuntu-studio-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel