Bad signature for Ubuntu 10.04
yukku yukkoooooo
yukku19752000 at yahoo.com
Wed May 19 16:42:55 UTC 2010
Karl,
Very many thanks for your solution. But don't I have to verify the signature file using gpg ?
Because if somebody maliciously injects malware into the iso file then he might just as well change the checksum file to his liking.
To guard against that I have to make sure the checksum file is signed using GPG corectly and that will improve my confidence in the downloaded binary.
Besides I see that fedora has already moved to sha256sum. I think its high time ubuntu moved with the times as I have read recent reports that sha 128 may soon be the next on the hackers trophies.
From the link I provided on my first mail, ubuntu developers know that the signature file is not right. But I am not sure why the website releases.ubuntu.com does not have the correct and fixed signature file.
You might ask why I am so fussy about this. Well, one of my use cases for this file needs a correct binary.
And thanks a lot for your help.
Yukku
More information about the ubuntu-users
mailing list