Ubuntu's cdimage site is http,
Is it safe to download from here?
(because it is not https, that is why I'm asking)
Asked
Active
Viewed 248 times
1 Answers
5
It's safe to download from there, as even if you suffer a MiTM attack, the checksum validation will detect your image is flawed and so it doesn't matter (you can use zsync to correct it).
Myself, I often download from my local mirror (faster & it used to be quota free when downloaded from my ISPs mirror), then verified their copy by comparing the calculated checksum obtained from the main site.
(these days I usually zsync a download; so by downloading only the differences from another ISO I already have; the percentage of the ISO I download is usually 85-95% complete when I start; ie. if I want Xubuntu; I may start with the Ubuntu ISO if I have it for the same release; or a similar release. zsync also validates the ISO at the end of the download)
CD mirrors can be found at https://launchpad.net/ubuntu/+cdmirrors
How to validate your ISO after download can be found at https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu#0
guiverc
- 30,396
-
1Also related - Is verifying ISOs download worthwhile – guiverc Aug 07 '21 at 12:03