geoip.ubuntu.com should use HTTPS

Bug #1739838 reported by Ryan Finnie on 2017-12-22
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tzsetup (Ubuntu)
Undecided
Unassigned

Bug Description

geoip.ubuntu.com allows for HTTPS now; tzsetup/geoip_server should use https://geoip.ubuntu.com/lookup to prevent MITM location information disclosure.

A complication is the d-i server variant (possibly others, but not e.g. desktop LiveCD) do not appear to have a certificate store, so wget will fail against this. I *think* pulling in ca-certificates-udeb would solve this, but I haven't been able to test.

Note also that ubiquity uses geoname-lookup for city searching; that is covered by https://code.launchpad.net/~fo0bar/ubiquity/geoname-use-https/+merge/335568 .

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers