Comment 7 for bug 146895

Kannan Goundan (cakoose) wrote : How about a downloadable authentication program?

I realize this seems to be an uncommon use case, so let me explain how I ran into it. My coworkers (in a different city) will, when looking for a Linux distribution to install, just install whatever Fedora version is lying around. Burning an Ubuntu ISO doesn't seem very difficult but it's a significant barrier when the person is mostly apathetic. First of all, they have a Fedora CD and can start installing *now* instead of waiting for the Ubuntu ISO to download. Second, they may not have a blank CD on hand. My plan was to mail them an Ubuntu CD so those two barriers disappear.

The problem is that I really shouldn't be asking anyone to install software off of a CD they got in the mail. Getting people into that habit is just begging for an Ubuntu botnet. It's probably an uncommon attack vector right now, but isn't that always how it starts out? (Hmm... what if someone started mailing out fake ShipIt packages?)

One idea: Create a tiny authentication program that will either say: "The CD in your CD drive is not a valid Ubuntu installation CD" or "The CD in your CD drive is an Ubuntu installation CD for version X". This program could be made available over SSL from the Ubuntu website with pre-built binaries for Windows, Linux, and whatever else is common. I think the ease of having a ready-to-go Ubuntu CD offsets the pain of downloading and running the authenticator program.

BTW, if it's possible to extract the ISO and check that, then that's half a solution. If I wanted to use an Ubuntu CD I saw lying around at work, I'd be willing to extract the ISO and do the checksum. But I think the lazy/apathetic person use case is still important.
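
A sketch of the check proposed in the comment above, added here as an example; it is not part of the original comment and not an Ubuntu tool. It reads the image length from the ISO 9660 primary volume descriptor so that padding returned by the drive is not hashed, and it assumes the published SHA-256 covers exactly those bytes; the `trusted` table and the sample image are constructed placeholders.

```python
import hashlib
import io
import struct

SECTOR = 2048                # ISO 9660 logical sector size
PVD_OFFSET = 16 * SECTOR     # primary volume descriptor sits in sector 16

def iso_length(stream):
    """Return the image length in bytes as recorded in the ISO 9660 PVD."""
    stream.seek(PVD_OFFSET)
    pvd = stream.read(SECTOR)
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor")
    blocks = struct.unpack_from("<I", pvd, 80)[0]       # volume space size
    block_size = struct.unpack_from("<H", pvd, 128)[0]  # logical block size
    return blocks * block_size

def check_disc(stream, trusted):
    """Hash exactly the image bytes; return the release label or None."""
    try:
        remaining = iso_length(stream)
    except ValueError:
        return None              # not an ISO 9660 disc at all
    stream.seek(0)
    h = hashlib.sha256()
    while remaining > 0:
        chunk = stream.read(min(1 << 20, remaining))
        if not chunk:
            return None          # short read: disc is truncated or unreadable
        h.update(chunk)
        remaining -= len(chunk)
    return trusted.get(h.hexdigest())

def make_sample_image(payload=b"constructed sample payload", blocks=18):
    """Build a minimal constructed image: system area, a PVD, one data sector."""
    img = bytearray(blocks * SECTOR)
    img[PVD_OFFSET] = 1                                  # descriptor type: primary
    img[PVD_OFFSET + 1:PVD_OFFSET + 6] = b"CD001"
    struct.pack_into("<I", img, PVD_OFFSET + 80, blocks)
    struct.pack_into("<H", img, PVD_OFFSET + 128, SECTOR)
    img[17 * SECTOR:17 * SECTOR + len(payload)] = payload
    return bytes(img)

if __name__ == "__main__":
    image = make_sample_image()
    trusted = {hashlib.sha256(image).hexdigest(): "sample release (constructed)"}
    disc = io.BytesIO(image + b"\0" * 4 * SECTOR)  # drive readback with padding
    print(check_disc(disc, trusted) or "not a valid installation CD")
```

The `trusted` table is the part that has to arrive over an authenticated channel, which is the role the comment gives to the SSL download.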