Is ubuntu cdimage site, which is http, secure?

security https downloads cd-image

Ubuntu's cdimage site is http,

Is it safe to download from here?

(because it is not https, that is why I'm asking)


It's safe to download from there, as even if you suffer a MiTM attack, the checksum validation will detect your image is flawed and so it doesn't matter (you can use zsync to correct it).

Myself, I often download from my local mirror (faster & it used to be quota free when downloaded from my ISPs mirror), then verified their copy by comparing the calculated checksum obtained from the main site.

(these days I usually zsync a download; so by downloading only the differences from another ISO I already have; the percentage of the ISO I download is usually 85-95% complete when I start; ie. if I want Xubuntu; I may start with the Ubuntu ISO if I have it for the same release; or a similar release. zsync also validates the ISO at the end of the download)

CD mirrors can be found at https://launchpad.net/ubuntu/+cdmirrors

How to validate your ISO after download can be found at https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu#0

Related

Ubuntu 21.04. Does apt update and apt upgrade work on all apps?
I'm trying to create a bootable usb for ubuntu 20.04 on ubuntu 12.04
My Ubuntu freezes everytime there's an update
How can I bypass the Ubuntu install username requirements?
Mongoose pagination from server side
Typescript generic syntax for merge
Sort List by alphabetical order
Drop specific date in dataframe
How to get all emails?
How do I pass in a dictionary from python into react as an object? [duplicate]
How to disable Python shell spawning "less" with "help"
TinyMCE copy and paste source code from clipboard