[Bug 953788] New: Leap 42.1 and Tumbleweed ISO cd-image files miss PGP signatures
http://bugzilla.opensuse.org/show_bug.cgi?id=953788 Bug ID: 953788 Summary: Leap 42.1 and Tumbleweed ISO cd-image files miss PGP signatures Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: openSUSE 42.1 Status: NEW Severity: Major Priority: P5 - None Component: Other Assignee: bnc-team-screening@forge.provo.novell.com Reporter: kolAflash@kolAhilft.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- There used to be *.asc files with PGP signatures to every ISO cd-image file download. http://download.opensuse.org/distribution/13.2/iso/ Those are missing for the current Leap-42.1 and Tumbleweed downloads. http://download.opensuse.org/tumbleweed/iso/ http://download.opensuse.org/distribution/leap/42.1/iso/ I consider those PGP signatures very important! Providing a manipulated installation image is an ideal attack vector! And download.opensuse.org is NOT accessible via httpS. Nevertheless, also with HTTPS I'd prefer the ability to check downloads via PGP. All other major Linux distros I checked provide PGP files. (either directly on the ISO cd-image files or on the SHA256SUM / SHA512SUM files). https://getfedora.org/de_CH/static/checksums/Fedora-Workstation-23-x86_64-CH... http://cdimage.debian.org/debian-cd/8.2.0/amd64/iso-cd/SHA512SUMS.sign http://releases.ubuntu.com/14.04.3/ http://releases.ubuntu.com/14.04.3/SHA256SUMS.gpg https://mirror.aarnet.edu.au/pub/archlinux/iso/2015.11.01/archlinux-2015.11.... https://mirror.aarnet.edu.au/pub/archlinux/iso/2015.11.01/archlinux-2015.11.... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=953788
http://bugzilla.opensuse.org/show_bug.cgi?id=953788#c1
Ludwig Nussel
http://bugzilla.opensuse.org/show_bug.cgi?id=953788
http://bugzilla.opensuse.org/show_bug.cgi?id=953788#c2
--- Comment #2 from kolA flash
http://bugzilla.opensuse.org/show_bug.cgi?id=953788
http://bugzilla.opensuse.org/show_bug.cgi?id=953788#c3
Stephan Kulow
http://bugzilla.opensuse.org/show_bug.cgi?id=953788
http://bugzilla.opensuse.org/show_bug.cgi?id=953788#c4
--- Comment #4 from kolA flash
participants (1)
-
bugzilla_noreply@novell.com