Since I reported this bug, Web browsers have started encouraging HTTPS
adoption in several ways, one of which is flagging as “Not secure” more
and more uses of HTTP: pages with password fields or payment card number
fields, pages with any input fields at all, pages loaded in
private/incognito windows, and eventually all HTTP pages.

So far, I’ve not seen these plans mentioning HTTP files downloaded from HTTPS 
pages. But if attacks like the one Thomas linked above increase, that may 
change.
Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1303739
Chromium/Chrome: https://bugs.chromium.org/p/chromium/issues/detail?id=739090

Of course, Ubuntu downloads shouldn’t be secure just to avoid
embarrassment from browsers; they should be secure to help keep users
safe.

** Bug watch added: Mozilla Bugzilla #1303739
   https://bugzilla.mozilla.org/show_bug.cgi?id=1303739

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1359836

Title:
  Ubuntu ISOs downloaded insecurely, over HTTP rather than HTTPS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/1359836/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to