Security notices aren't signed and website doesn't offer https
Bug #1385886 reported by
Andreas Moog
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-website-content |
In Progress
|
Wishlist
|
Unassigned |
Bug Description
Hi there,
currently the Ubuntu security notices are only served by http, not by https (https:/
Additionally the security notices on the site aren't signed (or at least I couldn't find a signed version on the web).
Both issues mean that there is no easy way to tell if the web information about USN's is accurate or has been forged by a MITM attack.
information type: | Private Security → Public Security |
information type: | Public Security → Public |
information type: | Public → Private Security |
information type: | Private Security → Public Security |
To post a comment you must log in.
Andreas
The Canonical IS team has agreed to do this work and it is in progress.
Peter