Ubuntu torrent downloads should include the PGP signature and the SHA256SUM. That would guarantee that the PGP signature and the S256SUM (current available at releases.ubuntu.com) aren't tampered.
Asked
Active
Viewed 26 times
1
-
2"That would guarantee that the PGP signature and the S256SUM (current available at releases.ubuntu.com) aren't tampered." Sure but so does matching it from the ISO against the official website after downloading the ISO so adding them to the torrent is not needed. – Rinzwind Jan 26 '21 at 16:49
-
What if the site is tampered too? – Luna Jan 26 '21 at 17:21
-
If the site were compromised, then the torrent link likely would also point to a compromised seed. – user535733 Jan 26 '21 at 17:38
-
Depending on your level of trust, torrents already include verification of file integrity. – KGIII Jan 26 '21 at 19:56