Are the patches delivered securely?
Patches are secured through a number of mechanisms:
- Patches are signed by Canonical, verifying their authenticity.
- Patch checksums are verified after patches are downloaded.
- Patches are delivered over HTTPS.
Previously, to reduce file server load, patches were served via HTTP. This was acceptable because patch contents were verified against checksums obtained from the Livepatch server (which runs over HTTPS).
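The reasoning above, as an added example that is not Livepatch's own code: a checksum obtained over the authenticated HTTPS channel pins the content, so a payload fetched over an untrusted channel is rejected if it was modified, truncated or padded in transit. SHA-256, the metadata field names and the sample payload are assumptions made for illustration; the page does not say which digest or format Livepatch uses.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # read the untrusted payload in bounded chunks


def verify_patch(payload_stream, expected_sha256_hex, expected_size):
    """Return True only if the untrusted payload matches the trusted metadata."""
    digest = hashlib.sha256()
    total = 0
    while True:
        chunk = payload_stream.read(CHUNK)
        if not chunk:
            break
        total += len(chunk)
        if total > expected_size:
            return False  # oversized input: stop before hashing more data
        digest.update(chunk)
    if total != expected_size:
        return False  # truncated download
    # Constant-time comparison of the computed and expected hex digests.
    return hmac.compare_digest(digest.hexdigest(), expected_sha256_hex.lower())


# Constructed sample data standing in for a patch file.
GENUINE_PATCH = b"constructed sample patch payload\n" * 4096

# Hypothetical metadata, modelled as if returned by the server over HTTPS.
TRUSTED_METADATA = {
    "sha256": hashlib.sha256(GENUINE_PATCH).hexdigest(),
    "size": len(GENUINE_PATCH),
}


def check_download(untrusted_bytes, metadata=TRUSTED_METADATA):
    """Model a payload received over plain HTTP and checked before use."""
    return verify_patch(
        io.BytesIO(untrusted_bytes), metadata["sha256"], metadata["size"]
    )


if __name__ == "__main__":
    flipped = bytearray(GENUINE_PATCH)
    flipped[10] ^= 0x01  # single bit changed in transit
    print("genuine:", check_download(GENUINE_PATCH))
    print("bit-flipped:", check_download(bytes(flipped)))
    print("truncated:", check_download(GENUINE_PATCH[:-1]))
```

The checksum only protects the payload if the metadata itself arrives over an authenticated channel, which is the role HTTPS to the Livepatch server plays in the description above.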