documentation-packages team mailing list archive
-
documentation-packages team
-
Mailing list archive
-
Message #01502
[Bug 1288593] Re: Please include SHA256 or SHA512 hashes on Ubuntu Hashes page
I'm marking this invalid for the ubuntu-cdimage project. The cdimage
team considers this wiki page redundant with the gpg-signed SUMS files
that we already publish via releases.ubuntu.com and cdimage.ubuntu.com.
Correctly verifying a trust path with gpg is not great for usability,
but given that the SSL CA regime is known to be exploitable, I don't
think we should encourage users to rely on it.
And if the docs team (who I believe is the party owning help.ubuntu.com)
disagrees, they can continue to maintain this wiki page - but in any
event this isn't a bug for the ubuntu-cdimage project, as the active
members of ubuntu-cdimage don't have write access to this wiki page
anyway.
** Changed in: ubuntu-cdimage
Status: New => Invalid
--
You received this bug notification because you are a member of
Documentation Packages, which is subscribed to ubuntu-docs in Ubuntu.
https://bugs.launchpad.net/bugs/1288593
Title:
Please include SHA256 or SHA512 hashes on Ubuntu Hashes page
Status in Ubuntu CD image build software:
Invalid
Status in ubuntu-docs package in Ubuntu:
Confirmed
Bug description:
Could SHA256 and/or SHA512 hashes please be included on the Ubuntu
Hashes page (currently located at
https://help.ubuntu.com/community/UbuntuHashes ?
Currently, only MD5 is included, and this is the only https-protected
official page I could find with the hashes. As can be seen in the
Wikipedia page ( https://en.wikipedia.org/wiki/MD5 ) and the many
citations of source material, MD5 is no longer recommended for this
type of usage.
Also - would it be possible to make the Ubuntu Hashes page more
prominent for downloaders of the various Ubuntu software? It would be
very helpful for checking the integrity of the ISOs against
corruption.
Thanks in advance.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-cdimage/+bug/1288593/+subscriptions
References