*** This bug is a security vulnerability *** You have been subscribed to a public security bug:
1. Go to <http://www.ubuntu.com/>. 2. Follow the most obvious route to download the recommended version of Ubuntu for PC. What happens: You end up downloading Ubuntu over HTTP. What should happen: The download is over HTTPS. An attacker with sufficient savvy and bandwidth could MITM your local Ubuntu mirror, serving you an ISO of something that looked and worked like Ubuntu but did all kinds of nefarious things. The equivalent for software updates is bug 1186793. [Originally reported by Tony Webster of "HTTP Shaming". <http://httpshaming.tumblr.com/post/95277096082/problem-1-the-iso-for- ubuntu-is-downloaded-via>] ** Affects: ubuntu Importance: Undecided Status: Won't Fix ** Tags: bot-comment -- Ubuntu ISOs downloaded insecurely, over HTTP rather than HTTPS https://bugs.launchpad.net/bugs/1359836 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
