Comment 9 for bug 1883272

Erich Eickmeyer (eeickmeyer) wrote :

Jumping in on this as anything affecting cdimage.ubuntu.com affects flavors as well.

Note that cdimage.ubuntu.com is not presented over https. In #ubuntustudio we've had people complain when the SHA256 they are presented with is not over https, so they assume the checksums could be compromised. I would be happy to direct them to that tutorial since we use cdimage.ubuntu.com for our iso links, except it's moot if the basic assumption is that everything on cdimage.ubuntu.com *could* be compromised if it's not https.

I understand the logistical issues with changing cdimage.ubuntu.com to https due to the various mirrors, but this seems to be coming up more frequently since 20.04's release.

Basically, unless cdimage.ubuntu.com becomes https, in the eyes of a lot of people, verifying SHA256 is moot if they fear it's compromised due to lack of https, which means that entire tutorial doesn't really apply in their eyes.