Since I reported this bug, Web browsers have started encouraging HTTPS
adoption in several ways, one of which is flagging as “Not secure” more
and more uses of HTTP: pages with password fields or payment card number
fields, pages with any input fields at all, pages loaded in
private/incognito windows, and eventually all HTTP pages.
So far, I’ve not seen these plans mentioning HTTP files downloaded from HTTPS
pages. But if attacks like the one Thomas linked above increase, that may
Of course, Ubuntu downloads shouldn’t be secure just to avoid
embarrassment from browsers; they should be secure to help keep users
** Bug watch added: Mozilla Bugzilla #1303739
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Ubuntu ISOs downloaded insecurely, over HTTP rather than HTTPS
To manage notifications about this bug go to:
ubuntu-bugs mailing list