documentation-packages team mailing list archive
Mailing list archive
[Bug 1288593] Re: Please include SHA256 or SHA512 hashes on Ubuntu Hashes page
I'm marking this invalid for the ubuntu-cdimage project. The cdimage
team considers this wiki page redundant with the gpg-signed SUMS files
that we already publish via releases.ubuntu.com and cdimage.ubuntu.com.
Correctly verifying a trust path with gpg is not great for usability,
but given that the SSL CA regime is known to be exploitable, I don't
think we should encourage users to rely on it.
And if the docs team (who I believe is the party owning help.ubuntu.com)
disagrees, they can continue to maintain this wiki page - but in any
event this isn't a bug for the ubuntu-cdimage project, as the active
members of ubuntu-cdimage don't have write access to this wiki page
** Changed in: ubuntu-cdimage
Status: New => Invalid
You received this bug notification because you are a member of
Documentation Packages, which is subscribed to ubuntu-docs in Ubuntu.
Please include SHA256 or SHA512 hashes on Ubuntu Hashes page
Status in Ubuntu CD image build software:
Status in ubuntu-docs package in Ubuntu:
Could SHA256 and/or SHA512 hashes please be included on the Ubuntu
Hashes page (currently located at
Currently, only MD5 is included, and this is the only https-protected
official page I could find with the hashes. As can be seen in the
Wikipedia page ( https://en.wikipedia.org/wiki/MD5 ) and the many
citations of source material, MD5 is no longer recommended for this
type of usage.
Also - would it be possible to make the Ubuntu Hashes page more
prominent for downloaders of the various Ubuntu software? It would be
very helpful for checking the integrity of the ISOs against
Thanks in advance.
To manage notifications about this bug go to: