← Back to team overview

documentation-packages team mailing list archive

[Bug 1288593] Re: Please include SHA256 or SHA512 hashes on Ubuntu Hashes page


I'm marking this invalid for the ubuntu-cdimage project.  The cdimage
team considers this wiki page redundant with the gpg-signed SUMS files
that we already publish via releases.ubuntu.com and cdimage.ubuntu.com.
Correctly verifying a trust path with gpg is not great for usability,
but given that the SSL CA regime is known to be exploitable, I don't
think we should encourage users to rely on it.

And if the docs team (who I believe is the party owning help.ubuntu.com)
disagrees, they can continue to maintain this wiki page - but in any
event this isn't a bug for the ubuntu-cdimage project, as the active
members of ubuntu-cdimage don't have write access to this wiki page

** Changed in: ubuntu-cdimage
       Status: New => Invalid

You received this bug notification because you are a member of
Documentation Packages, which is subscribed to ubuntu-docs in Ubuntu.

  Please include SHA256 or SHA512 hashes on Ubuntu Hashes page

Status in Ubuntu CD image build software:
Status in ubuntu-docs package in Ubuntu:

Bug description:
  Could SHA256 and/or SHA512 hashes please be included on the Ubuntu
  Hashes page (currently located at
  https://help.ubuntu.com/community/UbuntuHashes ?

  Currently, only MD5 is included, and this is the only https-protected
  official page I could find with the hashes. As can be seen in the
  Wikipedia page ( https://en.wikipedia.org/wiki/MD5 ) and the many
  citations of source material, MD5 is no longer recommended for this
  type of usage.

  Also - would it be possible to make the Ubuntu Hashes page more
  prominent for downloaders of the various Ubuntu software? It would be
  very helpful for checking the integrity of the ISOs against

  Thanks in advance.

To manage notifications about this bug go to: