http://font.ubuntu.com/ is offered to the world for downloading Ubuntu font. 
But sadly, zero security is provided for those choosing to download the font. 
Not only is the domain not secured with https, but I can find no signed hash 
authenticating that I'm downloading what Ubuntu intends.

Can Canonical please do something about this ASAP? Canonical should be invested 
in protecting visitors to its site, especially when offering things to 
download. Please use the Ubuntu signing key to sign a hash of the font, 
authenticating its integrity. People should be able to download a signed file 
for authentication when downloading the fonts.

I would have filed a bug on this on Lauchpad but I can find no way to file a 
bug without indicating a specific package to file against.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Reply via email to