There is still a need to figure out a testcase here before the SRU can
be uploaded

You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.

Title: does not utilize HTTPS

Status in ubuntu-geoip package in Ubuntu:
  Fix Released
Status in ubuntu-geoip source package in Trusty:
Status in ubuntu-geoip source package in Xenial:
Status in ubuntu-geoip source package in Artful:

Bug description:
  It's better to use https where we can. There were concerns about location 
leakage for users using a proxy (such as Tor).

  Test Case

  Regression Potential
  As long as Canonical maintains, things should be 
fine here. Minimal fix.

  Original Bug Report
  ------------------- does not utilize HTTPS and leaks unencrypted over HTTP. This 
can potentially be utilized by nation state adversaries to compromise user 
privacy. This service is called multiple times per day by the OS in order to 
track users.

  $ nc -zv 80
  Connection to 80 port [tcp/http] succeeded!

  $ nc -zv -w 3 443
  nc: connect to port 443 (tcp) timed out

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to