« Return to Thread: Securely downloading Ubuntu
Securely downloading Ubuntu
by Chris Lamb-3
::
Rate this Message:
Hi,
Is it actually possible to securely download Ubuntu?
A typical mirror contains an MD5SUMS and an associated MD5SUMS.gpg [0].
However, the MD5 digest algorithm is utterly broken and the key is signed
by just a handful of people anyway[1], only two of which I (visually)
recognise as having anything to do with the Ubuntu project.
If the MD5SUMS files are purely for validating downloads[3], could the
completely useless/misleading GPG files be dropped?
/Lamby
[0] http://cdimage.ubuntu.com/releases/7.10/release/
[1] http://preview.tinyurl.com/2llzqr
[2] https://help.ubuntu.com/community/VerifyIsoHowto
--
Chris Lamb, UK chris@...
GPG: 0x634F9A20
--
ubuntu-devel mailing list
ubuntu-devel@...
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Is it actually possible to securely download Ubuntu?
A typical mirror contains an MD5SUMS and an associated MD5SUMS.gpg [0].
However, the MD5 digest algorithm is utterly broken and the key is signed
by just a handful of people anyway[1], only two of which I (visually)
recognise as having anything to do with the Ubuntu project.
If the MD5SUMS files are purely for validating downloads[3], could the
completely useless/misleading GPG files be dropped?
/Lamby
[0] http://cdimage.ubuntu.com/releases/7.10/release/
[1] http://preview.tinyurl.com/2llzqr
[2] https://help.ubuntu.com/community/VerifyIsoHowto
--
Chris Lamb, UK chris@...
GPG: 0x634F9A20
--
ubuntu-devel mailing list
ubuntu-devel@...
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
signature.asc (196 bytes) « Return to Thread: Securely downloading Ubuntu
| Free embeddable forum powered by Nabble | Forum Help |
