I'm trying to download ubuntu desktop securely.
This is the link on the ubuntu.com website:
http://releases.ubuntu.com/14.04.2/ubuntu-14.04.2-desktop-i386.iso
And here is the SHA256 hash link:
http://releases.ubuntu.com/trusty/SHA256SUMS
Problem is, both these links are http, and the ubuntu.com server doesn't seem to support https. Is there any way I can download the .iso securely?
Best Answer
The key fingerprints are on https://help.ubuntu.com/community/VerifyIsoHowto
Currently they are
You can retrieve them both with:
If you're already on an Ubuntu system the package
ubuntu-keyring
has these keys in/usr/share/keyrings/ubuntu-archive-keyring.gpg
which you can import withgpg --import /usr/share/keyrings/ubuntu-archive-keyring.gpg
.