Re: httpS download of iso images

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: httpS download of iso images

Joel Rees


2019年1月29日(火) 7:26、Peter He さん([hidden email])のメッセージ:
Please, in the name of most Ubuntu users, who will NOT verify their
downloaded image using GPG, make the default download from the
official website use httpS.

Thank You

(Many users do not have a web of trust set up, to properly use gpg,
but can rely on the public key infrastructure, given that public keys
of certificate authorities are shipped with their existing OS and
browser.)

Well, there is something to be said for thinking you can, I suppose.

Users should learn how to bootstrap their own web of trust rather than relying on what appears to be from within a pile of third-party certificates of unverifiable origin.

I'm going to voice myself of the opinion that developers should not use their valuable time encouraging users to rely on the unreliable instead of establishing a web of trust they can trust.


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users