[–] noondip 10y ago ↗ Here's where I would download Ubuntu ISOs from, http://releases.ubuntu.com/ and these are the instructions I would use for verifying them, https://help.ubuntu.com/community/VerifyIsoHowto [–] erikb 10y ago ↗ Edit: Accepted, but does that mean you don't need https for your website?Old text: "The hashes are also not under https domains. How do you know where they come from?" [–] mobiuscog 10y ago ↗ Isn't that the point of the signature verification ? [–] noondip 10y ago ↗ The hashes files are cryptographically signed with GPG. Using the web of trust, you can be sure the files were created by the developers.
[–] erikb 10y ago ↗ Edit: Accepted, but does that mean you don't need https for your website?Old text: "The hashes are also not under https domains. How do you know where they come from?" [–] mobiuscog 10y ago ↗ Isn't that the point of the signature verification ? [–] noondip 10y ago ↗ The hashes files are cryptographically signed with GPG. Using the web of trust, you can be sure the files were created by the developers.
[–] noondip 10y ago ↗ The hashes files are cryptographically signed with GPG. Using the web of trust, you can be sure the files were created by the developers.
5 comments
[ 3.3 ms ] story [ 24.7 ms ] threadOld text: "The hashes are also not under https domains. How do you know where they come from?"