Comment 43 for bug 346386

Hobson Lane (hobs) wrote :

Doesn't this bug allow malicious users to root any Ubuntu system connected to a wifi cafe that uses web logon and no encryption?

I'm not sure if I understand this, but it seems like proxies can insert URLs into the apt lists at will. And at logon-style wifi cafes, a malicious user sitting at the table next to you could impersonate the cafe proxy (MITM), potentially inserting whatever they like into the lists URL. Wouldn't this then affect the Ubuntu upgrade and update cycles, redirecting requests to those chosen by the malicious laptop owner, perhaps weeks later while not connected to the malicious proxy? Perhaps the user would be required to accept some bogus security certificate before downloading the malicious code--so maybe only 10% of infected Ubuntu users would be caught. But might it be possible that if the user updates/upgrades while still connected through the malicious proxy, the proxy could perform a MITM on the certificates and still get the user to unknowingly install whatever "upgrades" the malicious user intends, to root the wifi user's system?