Provide a way to verify the authenticity of your ISOs

Please sign the checksum file and upload a public key to a trustworthy keyserver. Or use a method of your own choice. Downloading both the ISO and its checksum from an obscure server, unencrypted, is hardly a confidence booster. Even SourceForge is a better choice. Otherwise, you’re doing a great job. Congratulations! Long live Unity!

I would like to see if there could be a way to verify the authenticity of the checksums with a GPG key, I would be willing to make those GPG keys with new ISO releases :slight_smile:

For now a sha256 would do just fine, preferebly posted by the maker in a public place like this very forum or Ubuntu Unity’s website. We need some sort of assurance that the ISO is originating from the maker.

+1! This should really be a feature.

so, with the great new step of being official, this may be considered as done then, i guess (-:

21ca0fe993c1d3b5b9fee84bd49c970943c62f4de44e088a1258c5c2016d3494 *kinetic-desktop-amd64.iso

cdimage.ubuntu.com

If you use zsync to download and update the kinetic iso it runs a checksum automatically.