Comment 22 for bug 1464064

Is it me or are the people who defend Ubuntu's lack of security deliberately avoiding the issue?

The checksums and ISO files on releases.ubuntu.com and archive.ubuntu.com (and possibly more) are 100% vulnerable to MITM attacks for *NON-APT USERS*.

Do not assume that the entire world is using APT... In fact, the MAJORITY of people who downloaded Ubuntu did so using their browser.

All these people are at risk of running a compromised Ubuntu installation.

You had the chance to fix this issue 3 years ago... I don't know what else to say.