Please cryptographically sign appliance templates and other resources that can be downloaded from within the Proxmox Webinterface and verify the signature after download.
starting template download from: http://download.proxmox.com/appliances/system/debian-5.0-standard_5.0-2_i386.tar.gz
target file: /var/lib/vz/template/cache/debian-5.0-standard_5.0-2_i386.tar.gz
--2013-01-14 16:44:53-- http://download.proxmox.com/appliances/system/debian-5.0-standard_5.0-2_i386.tar.gz
Resolving download.proxmox.com... 188.165.151.222
Connecting to download.proxmox.com|188.165.151.222|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 137150485 (131M) [application/x-gzip]
Saving to: `/var/lib/vz/template/cache/debian-5.0-standard_5.0-2_i386.tar.gz.tmp.1917'
0K ........ ........ ........ ........ ........ ........ 2% 1.53M 83s
3072K ........ ........ ........ ........ ........ ........ 4% 1.57M 80s
6144K ........ ........ ........ ........ ........ ........ 6% 1.58M 78s
9216K ........ ........ ........ ........ ........ ........ 9% 1.59M 76s
12288K ........ ........ ........ ........ ........ ........ 11% 1.57M 74s
15360K ........ ........ ........ ........ ........ ........ 13% 1.56M 72s
18432K ........ ........ ........ ........ ........ ........ 16% 1.56M 70s
21504K ........ ........ ........ ........ ........ ........ 18% 1.59M 68s
24576K ........ ........ ........ ........ ........ ........ 20% 1.59M 66s
27648K ........ ........ ........ ........ ........ ........ 22% 1.58M 64s
30720K ........ ........ ........ ........ ........ ........ 25% 1.59M 62s
33792K ........ ........ ........ ........ ........ ........ 27% 1.39M 61s
36864K ........ ........ ........ ........ ........ ........ 29% 1.17M 60s
39936K ........ ........ ........ ........ ........ ........ 32% 1.52M 59s
43008K ........ ........ ........ ........ ........ ........ 34% 1.56M 56s
46080K ........ ........ ........ ........ ........ ........ 36% 1.56M 54s
49152K ........ ........ ........ ........ ........ ........ 38% 1.57M 52s
52224K ........ ........ ........ ........ ........ ........ 41% 1.58M 50s
55296K ........ ........ ........ ........ ........ ........ 43% 1.58M 48s
58368K ........ ........ ........ ........ ........ ........ 45% 1.58M 46s
61440K ........ ........ ........ ........ ........ ........ 48% 1.55M 44s
64512K ........ ........ ........ ........ ........ ........ 50% 1.58M 42s
67584K ........ ........ ........ ........ ........ ........ 52% 1.56M 40s
70656K ........ ........ ........ ........ ........ ........ 55% 1.58M 38s
73728K ........ ........ ........ ........ ........ ........ 57% 1.57M 36s
76800K ........ ........ ........ ........ ........ ........ 59% 1.57M 34s
79872K ........ ........ ........ ........ ........ ........ 61% 1.57M 32s
82944K ........ ........ ........ ........ ........ ........ 64% 1.59M 30s
86016K ........ ........ ........ ........ ........ ........ 66% 1.59M 28s
89088K ........ ........ ........ ........ ........ ........ 68% 1.59M 26s
92160K ........ ........ ........ ........ ........ ........ 71% 1.59M 24s
95232K ........ ........ ........ ........ ........ ........ 73% 1.54M 22s
98304K ........ ........ ........ ........ ........ ........ 75% 1.58M 21s
101376K ........ ........ ........ ........ ........ ........ 77% 1.59M 19s
104448K ........ ........ ........ ........ ........ ........ 80% 1.59M 17s
107520K ........ ........ ........ ........ ........ ........ 82% 1.59M 15s
110592K ........ ........ ........ ........ ........ ........ 84% 1.59M 13s
113664K ........ ........ ........ ........ ........ ........ 87% 1.57M 11s
116736K ........ ........ ........ ........ ........ ........ 89% 1.59M 9s
119808K ........ ........ ........ ........ ........ ........ 91% 1.57M 7s
122880K ........ ........ ........ ........ ........ ........ 94% 1.58M 5s
125952K ........ ........ ........ ........ ........ ........ 96% 1.58M 3s
129024K ........ ........ ........ ........ ........ ........ 98% 1.59M 1s
132096K ........ ........ ........ .... 100% 1.59M=84s
2013-01-14 16:46:17 (1.56 MB/s) - `/var/lib/vz/template/cache/debian-5.0-standard_5.0-2_i386.tar.gz.tmp.1917' saved [137150485/137150485]
download finished
TASK OK
starting template download from: http://downloads.sourceforge.net/project/turnkeylinux/openvz/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz
target file: /var/lib/vz/template/cache/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz
--2013-01-14 16:42:50-- http://downloads.sourceforge.net/project/turnkeylinux/openvz/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz
Resolving downloads.sourceforge.net... 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://garr.dl.sourceforge.net/project/turnkeylinux/openvz/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz [following]
--2013-01-14 16:42:50-- http://garr.dl.sourceforge.net/project/turnkeylinux/openvz/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz
Resolving garr.dl.sourceforge.net... 193.206.140.34, 2001:760:ffff:b0::34
Connecting to garr.dl.sourceforge.net|193.206.140.34|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 156162136 (149M) [application/x-gzip]
Saving to: `/var/lib/vz/template/cache/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz.tmp.1916'
0K ........ ........ ........ ........ ........ ........ 2% 1.33M 1m50s
3072K ........ ........ ........ ........ ........ ........ 4% 1.62M 98s
6144K ........ ........ ........ ........ ........ ........ 6% 1.62M 93s
9216K ........ ........ ........ ........ ........ ........ 8% 1.54M 90s
12288K ........ ........ ........ ........ ........ ........ 10% 1.62M 87s
15360K ........ ........ ........ ........ ........ ........ 12% 1.51M 85s
18432K ........ ........ ........ ........ ........ ........ 14% 1.49M 84s
21504K ........ ........ ........ ........ ........ ........ 16% 1.58M 82s
24576K ........ ........ ........ ........ ........ ........ 18% 1.61M 79s
27648K ........ ........ ........ ........ ........ ........ 20% 1.62M 77s
30720K ........ ........ ........ ........ ........ ........ 22% 1.57M 75s
33792K ........ ........ ........ ........ ........ ........ 24% 1.36M 74s
36864K ........ ........ ........ ........ ........ ........ 26% 1.47M 72s
39936K ........ ........ ........ ........ ........ ........ 28% 1.61M 70s
43008K ........ ........ ........ ........ ........ ........ 30% 1.58M 68s
46080K ........ ........ ........ ........ ........ ........ 32% 1.61M 66s
49152K ........ ........ ........ ........ ........ ........ 34% 1.55M 64s
52224K ........ ........ ........ ........ ........ ........ 36% 1.60M 61s
55296K ........ ........ ........ ........ ........ ........ 38% 1.62M 59s
58368K ........ ........ ........ ........ ........ ........ 40% 1.59M 57s
61440K ........ ........ ........ ........ ........ ........ 42% 1.61M 55s
64512K ........ ........ ........ ........ ........ ........ 44% 1.42M 54s
67584K ........ ........ ........ ........ ........ ........ 46% 1.43M 52s
70656K ........ ........ ........ ........ ........ ........ 48% 1.26M 50s
73728K ........ ........ ........ ........ ........ ........ 50% 1.49M 48s
76800K ........ ........ ........ ........ ........ ........ 52% 1.54M 46s
79872K ........ ........ ........ ........ ........ ........ 54% 1.43M 45s
82944K ........ ........ ........ ........ ........ ........ 56% 1.54M 43s
86016K ........ ........ ........ ........ ........ ........ 58% 1.62M 41s
89088K ........ ........ ........ ........ ........ ........ 60% 1.61M 39s
92160K ........ ........ ........ ........ ........ ........ 62% 1.58M 37s
95232K ........ ........ ........ ........ ........ ........ 64% 1.57M 35s
98304K ........ ........ ........ ........ ........ ........ 66% 1.43M 33s
101376K ........ ........ ........ ........ ........ ........ 68% 1.55M 31s
104448K ........ ........ ........ ........ ........ ........ 70% 1.61M 29s
107520K ........ ........ ........ ........ ........ ........ 72% 1.34M 27s
110592K ........ ........ ........ ........ ........ ........ 74% 1.42M 25s
113664K ........ ........ ........ ........ ........ ........ 76% 1.58M 23s
116736K ........ ........ ........ ........ ........ ........ 78% 1.22M 21s
119808K ........ ........ ........ ........ ........ ........ 80% 1.12M 19s
122880K ........ ........ ........ ........ ........ ........ 82% 1.33M 17s
125952K ........ ........ ........ ........ ........ ........ 84% 1.46M 15s
129024K ........ ........ ........ ........ ........ ........ 86% 1.57M 13s
132096K ........ ........ ........ ........ ........ ........ 88% 1.61M 11s
135168K ........ ........ ........ ........ ........ ........ 90% 1.50M 9s
138240K ........ ........ ........ ........ ........ ........ 92% 1.42M 7s
141312K ........ ........ ........ ........ ........ ........ 94% 1.52M 5s
144384K ........ ........ ........ ........ ........ ........ 96% 1.62M 3s
147456K ........ ........ ........ ........ ........ ........ 98% 1.62M 1s
150528K ........ ........ ........ ...... 100% 1.45M=99s
2013-01-14 16:44:30 (1.50 MB/s) - `/var/lib/vz/template/cache/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz.tmp.1916' saved [156162136/156162136]
download finished
TASK OK
There is no signature verification or it is not visible to the user.
Then please give the user feedback about what is going on.
This may apply to me, but does not apply to the average sysadmin, which is why I am proposing this change. An average sysadmin probably knows that downloading via HTTP can be a bad idea, but may not know how to read code etc. Also, an average sysadmin really can not be supposed to read code in order to check that downloads are verified. This also makes Proxmox look bad, because sysadmins may think that downloads are not verified when they actually are.you can always dig deeper and read the source code, available on https://git.proxmox.com
@tom, @dietmar: Hiding feedback that is security related is a bad idea....