I'm concerned that Ubuntu checksums are provided via http and not https server. I'm storing a number of iso images and time to time I run a checksum script that validates my images against the checksums. I would like to be sure that I'm getting the checksums from Ubuntu and not from somewhere else.
Moving checksums to https would make sense, and I do not think that it would be super expensive.
