UbuntuHashes doesn't contains SHA256
Binary package hint: ubuntu-docs
It's great that
provides MD5 checksums over HTTPS, but theres a problem with MD5 - it't not trustable see link:
It would be a wise thing to use SHA256 instead of MD5:
because there are already SHA256SUMS in the mirror servers, e.g.:
p.s.: the problem serving SHA256SUMs over HTTP that it gives false sense of security.
It MUST be served over HTTPS to be trustable.
Please update the /UbuntuHashes site from MD5 hashes to SHA256 hashes
|Changed in ubuntu-docs (Ubuntu):|
|status:||New → Confirmed|
|visibility:||private → public|
|security vulnerability:||yes → no|