All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Security Concerns and PGP Verification Guidance for xubuntu.org Downloads

By

28304283409234

8mo ago· 2 min readenInsight

Summary

The article discusses concerns about the xubuntu.org website potentially being compromised, specifically mentioning that torrent downloads from the site are serving a zip file. It provides guidance on proper PGP key verification methods, emphasizing the importance of correctly obtaining and verifying public keys through methods like checking the web of trust, verifying fingerprints, and using historical archives like archive.org to confirm key consistency over time.

Source

Hacker NewsSecurity Concerns and PGP Verification Guidance for xubuntu.org Downloadsold.reddit.com

Key quotes

· 4 pulled
No, if you're doing it like that, you're not at all using PGP correctly.
Yes, you may need to get the public key if you don't already have it, and yes, the web site might also have fingerprint of the public key, but you need be sure you've got the correct public key, e.g. checking the web of trust - from your - or other known good key(s) to the key in question.
Additionally, pubic keys don't change nearly so frequently, so one can also, e.g. check what the public key not only might presently show on web site, but what it showed there months, even year(s) ago, e.g. via archive.org.
Torrent downloads over at [https://xubuntu.org/download/](https://xubuntu.org/download/) are serving a [zip...
Snippet from the RSS feed
Torrent downloads over at [https://xubuntu.org/download/](https://xubuntu.org/download/) are serving a [zip...

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.