I was just wondering, is there any way of how to securely get checksum from major branches of ubuntu? As a general rule I do not trust anything that can be easily manipulated for that I do not believe anything coming from HTTP://* addresses.
BR Filip
There is no added benefits to using https for checksums. HTTP might be insecure but that does not make the "sums are provided over HTTP" insecure. See the discussion on launchpad about this. Comment 8:
It doesn't matter if the ISO, checksums, and public keys are served insecurely (although it would be simple if they were), as long as the public key fingerprint is served securely, which it already is on the VerifyIsoHowto page.
