Is it me or are the people who defend Ubuntu's lack of security deliberately avoiding the issue?
The checksums and ISO files on releases.ubuntu.com and archive.ubuntu.com (and possibly more) are 100% vulnerable to MITM attacks for *NON-APT USERS*. Do not assume that the entire world is using APT... In fact, the MAJORITY of people who downloaded Ubuntu did so using their browser. All these people are at risk of running a compromised Ubuntu installation. You had the chance to fix this issue 3 years ago... I don't know what else to say. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1464064 Title: Ubuntu apt repos are not available via HTTPS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1464064/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
