It's somewhat disappointing that this blog article is served over HTTP, and it's impossible to access it via HTTPS. How do we know that these new MD5s are to be trusted?
Linux Mint doesn't seem to prioritize security in general. No TLS for ISOs, no easily spottable signatures for ISOs, marking security updates untrusted by default...
They also ignore (at least they used to) DNS servers from DHCP and use Google's public DNS servers, completely oblivious to why users might not want this.