Is ubuntu cdimage site, which is http, secure?
Ubuntu's cdimage site is http,
Is it safe to download from here?
(because it is not https, that is why I'm asking)
It's safe to download from there, as even if you suffer a MiTM attack, the checksum validation will detect your image is flawed and so it doesn't matter (you can use zsync
to correct it).
Myself, I often download from my local mirror (faster & it used to be quota free when downloaded from my ISPs mirror), then verified their copy by comparing the calculated checksum obtained from the main site.
(these days I usually zsync
a download; so by downloading only the differences from another ISO I already have; the percentage of the ISO I download is usually 85-95% complete when I start; ie. if I want Xubuntu; I may start with the Ubuntu ISO if I have it for the same release; or a similar release. zsync
also validates the ISO at the end of the download)
CD mirrors can be found at https://launchpad.net/ubuntu/+cdmirrors
How to validate your ISO after download can be found at https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu#0