Comment 8 for bug 789688

Jordon Bedwell (envygeeks) wrote :

Belabela,

Publicly editable does not mean it's insecure. The Wiki does keep track of all edits so that an audit can happen. By your theory the information you linked to on Wikipedia is insecure as well, because I can go and edit it freely and forge all kinds of information. HTTPS does not make an editable wiki more secure.

Aside from that, you can also compare each version (edit). You would need to compromise the back-end to the wiki to forge the edit, and even then an admin can go back and revert the edit and disclose the false edit, warning the community at large that a compromise happened and that they should validate their ISOs if downloaded during that given time frame.

To also note, everything on those mirrors is directly from Ubuntu; they do not create the sums themselves, and Ubuntu provides sums, as you can clearly see here at http://cdimage.ubuntu.com/releases/11.04/release/SHA256SUMS and http://cdimage.ubuntu.com/releases/11.04/release/SHA1SUMS.

As far as the HTTPS, my suggestion is that you create a separate bug for that and request that they add HTTPS to the CDIMAGE site.