5 comments

[ 3.3 ms ] story [ 24.7 ms ] thread
Maybe I've missed something, but I can't get it to use HTTPS.
Here's where I would download Ubuntu ISOs from, http://releases.ubuntu.com/ and these are the instructions I would use for verifying them, https://help.ubuntu.com/community/VerifyIsoHowto
Edit: Accepted, but does that mean you don't need https for your website?

Old text: "The hashes are also not under https domains. How do you know where they come from?"

Isn't that the point of the signature verification ?
The hashes files are cryptographically signed with GPG. Using the web of trust, you can be sure the files were created by the developers.