Ubuntu
tzsetup package

geoip.ubuntu.com should use HTTPS

Bug #1739838 reported by Ryan Finnie
4
Affects Status Importance Assigned to Milestone
tzsetup (Ubuntu)
New
Undecided
Unassigned

Bug Description

geoip.ubuntu.com allows for HTTPS now; tzsetup/geoip_server should use https://geoip.ubuntu.com/lookup to prevent MITM location information disclosure.

A complication is the d-i server variant (possibly others, but not e.g. desktop LiveCD) do not appear to have a certificate store, so wget will fail against this. I *think* pulling in ca-certificates-udeb would solve this, but I haven't been able to test.

Note also that ubiquity uses geoname-lookup for city searching; that is covered by https://code.launchpad.net/~fo0bar/ubiquity/geoname-use-https/+merge/335568 .

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.