elementary OS

No way to verify OS download.

Asked by Austin

Your website does not support SSL. You don't provide SHA2 sums of the ISO file. You don't sign your releases with a developer signing key. It's 2015. Are you seriously encouraging users to download their operating system over http and hope for the best? This is inexcusable. You are making yourself a potential vector for malware by not taking these basic steps. My sister's blog has SSL. You're developing an operating system. WTF.

Question information

Language:
English Edit question
Status:
Answered
For:
elementary OS Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Cassidy James Blaede (cassidyjames) said : 		#1

Our website does support SSL and will automatically route over HTTPS if your browser supports it. We also have an open issue on our website to add the shasums of the ISOs to the installation instructions page https://github.com/elementary/mvp/issues/502.

The site is completely open source if you'd like to/are able to contribute. If not, we'll get to it as soon as possible, but we're a very small team.

Can you help with this problem?

Provide an answer of your own, or ask Austin for more information if necessary.

To post a message you must log in.