http://font.ubuntu.com/ is offered to the world for downloading Ubuntu font.
But sadly, zero security is provided for those choosing to download the font.
Not only is the domain not secured with https, but I can find no signed hash
authenticating that I'm downloading what Ubuntu intends.
Can Canonical please do something about this ASAP? Canonical should be invested
in protecting visitors to its site, especially when offering things to
download. Please use the Ubuntu signing key to sign a hash of the font,
authenticating its integrity. People should be able to download a signed file
for authentication when downloading the fonts.
I would have filed a bug on this on Lauchpad but I can find no way to file a
bug without indicating a specific package to file against.
Ubuntu-devel-discuss mailing list
Modify settings or unsubscribe at: