[ubuntu] No https for hash pages.

view story

http://ubuntuforums.org – I'm trying to verify my iso by using the hashes on this page and I've run into a bit of confusion. Firstly. The hashes on UbuntuHashes page don't seem to be very useful because the available downloads are for versions 12.04.1. not 12.04. So on the HowToMD5SUM page it states "The MD5 hash must be signed or come from a secure source (an HTTPS page) of an organization you trust." and then sends you to http://releases.ubuntu.com/ where the 12.04.1 hashes can be found and verified. The problem is that that page is not HTTPS and, presumably, could have been tampered with. Am I being a (Hardware)