© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
7020100
(Get the code!)
Don't we still have documentation directing users to check the md5sums to verify the integrity of their downloads? That needs to be fixed first.
Also if we're not asking users to do complete cryptographic verification with gpg, then checking a stronger hash instead of a weaker one doesn't add any real protection against an attacker because they can MITM both the image and the checksum downloads.