Check signature of SHA256SUMS
Bug #1198157 reported by
Colin Watson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Phablet Tools |
Confirmed
|
High
|
Sergio Schvezov |
Bug Description
Thanks for switching phablet-tools to use SHA256SUMS rather than the separated .md5sums files (bug 1196585). It would be a good idea to check the signature on that file too, since otherwise phablet-tools is vulnerable to man-in-the-middle attacks.
The ubuntu-keyring package is installed by default on all Ubuntu systems and contains /usr/share/
Changed in phablet-tools: | |
status: | New → Confirmed |
assignee: | nobody → Sergio Schvezov (sergiusens) |
importance: | Undecided → High |
To post a comment you must log in.