Continued maintenance of the UbuntuHashes wiki page
Ian Nicholson
ian at binaryash.net
Fri Jul 10 02:22:34 UTC 2015
On 07/09/2015 04:26 PM, Alberto Salvia Novella wrote:
> Why do you think having those hashes there is important?
I think that an argument can be made(I'm not necessarily saying that
this is a *valid* argument) that if Eve was running a MITM attack on
Alice's iso download, Eve would have to then compromise both
cdimages.ubuntu.com and wiki.ubuntu.com(or Alice's connections to those
hosts) in order to ensure that Alice(who always checks both SHA256 and
MD5 signatures) isn't alerted to malicious activity.
Of course that's all hypothetical and dependent on way that the trusted
hashes are generated, I won't be offended if you aren't as paranoid as I
am. ;)
I don't really feel like I contribute enough to say that I'm "voting",
but my general feeling is that if there's someone who's committed to
ensuring that the wiki page up to date, what's the harm in keeping it?
--
Ian Nicholson
More information about the ubuntu-doc
mailing list