And now we have CVE-2019-3462 to remind us that running security critical software running as a privileged user downloading data that will be parsed, decoded, and acted upon from a trusted location (ie Ubuntu's official mirror locations), but without a TLS layer to provide identification, authentication, confidentiality, and integrity validation is a bad idea.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3462 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1464064 Title: Ubuntu apt repos are not available via HTTPS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1464064/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
