Provide a way to verify the authenticity of your ISOs

Please sign the checksum file and upload a public key to a trustworthy keyserver. Or use a method of your own choice. Downloading both the ISO and its checksum from an obscure server, unencrypted, is hardly a confidence booster. Even SourceForge is a better choice. Otherwise, you’re doing a great job. Congratulations! Long live Unity!

I would like to see if there could be a way to verify the authenticity of the checksums with a GPG key, I would be willing to make those GPG keys with new ISO releases :slight_smile:

For now a sha256 would do just fine, preferebly posted by the maker in a public place like this very forum or Ubuntu Unity’s website. We need some sort of assurance that the ISO is originating from the maker.

+1! This should really be a feature.

so, with the great new step of being official, this may be considered as done then, i guess (-:

21ca0fe993c1d3b5b9fee84bd49c970943c62f4de44e088a1258c5c2016d3494 *kinetic-desktop-amd64.iso

If you use zsync to download and update the kinetic iso it runs a checksum automatically.

Nice, I really hope the Ubuntu community can help with hosting the ISO files and doing checksums and GPG keys, now that it’s an official flavor! Must admit, Ubuntu Unity badly needed this for a long time.