[Bug 1055649] Re: [FFE] Change from http to https and verify cert
** Changed in: unity-lens-shopping Milestone: None => 6.8.0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
** Changed in: unity-lens-shopping Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
This bug was fixed in the package unity-lens-shopping - 6.0.0-0ubuntu2 --- unity-lens-shopping (6.0.0-0ubuntu2) quantal; urgency=low [ Łukasz 'sil2100' Zemczak ] * debian/control: - Added build-dependencies to libsoup2.4-dev and libsoup-gnome2.4-dev, as needed by the addition of secure connections [ Iain Lane ] * Cherry-pick upstream r22 to connect to the remote server using SSL (LP: #1055649) -- Iain LaneFri, 28 Sep 2012 18:01:02 +0100 ** Changed in: unity-lens-shopping (Ubuntu Quantal) Status: Triaged => Fix Released ** Branch linked: lp:ubuntu/unity-lens-shopping -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
FFe approved. Please land ASAP (today please). ** Changed in: unity-lens-shopping (Ubuntu Quantal) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
** Changed in: unity-lens-shopping Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
I would like to Register My Concerns(tm) about the process here as a security researcher and occasional Ubuntu user. I don't mean to sound upset with anyone or accusatory, I just don't want to see this happen again next time around. I suspect that Ubuntu is only going to continue down the cloud integration path and it's critical to get this right. It's great that it's already been agreed the plugin is changing to HTTPS, but the future revision where this would happen is referred to as the "production" server. The server you currently have is live on the internet now. It is answering requests from the client software that is live on the download mirrors now. It's on real machines outside of the development lab. **It's already in production.** A web service on the open internet is quite a bit different from normal desktop software. Just calling it beta doesn't really make it okay make everything plaintext and plan to get around to it later. For that matter, there's also the TOS and the privacy policy which every web service should have. I don't see any of this info on http://productsearch.ubuntu.com/. Again, I understand it's beta but it's still live. (If the TOS/privacy policy is the same as some generic ubuntu.com one, it should still really be linked to from the subdomain - but I would like to see a specific privacy policy for each specific type of data exchange.) It's okay if your first *internal* version of a web service has temporary, insecure rigging, but when it goes live on the internet it needs to already be /* FIXME: insecure */-free. As a security researcher who was worried about the implementation of your plugin, I should be looking over your source for bugs in your security code, because it can be very difficult to get that right on the first try - but instead I'm on bug tickets imploring you to make sure there is security code for me to check at all. I am going to open another ticket about some other privacy problems more particular to this exact plugin. I just wanted to share these concerns about process for launching a web service integrated with the desktop. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
** Also affects: unity-lens-shopping Importance: Undecided Status: New ** Changed in: unity-lens-shopping Status: New => In Progress ** Changed in: unity-lens-shopping Importance: Undecided => High ** Changed in: unity-lens-shopping Assignee: (unassigned) => Michal Hruby (mhr3) ** Branch linked: lp:~mhr3/unity-lens-shopping/secure-connection -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
** Also affects: unity-lens-shopping (Ubuntu Quantal) Importance: Critical Status: Confirmed ** Changed in: unity-lens-shopping (Ubuntu Quantal) Milestone: None => ubuntu-12.10 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: unity-lens-shopping (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
** Changed in: unity-lens-shopping (Ubuntu) Status: Confirmed => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
Jeremy, Right, what popey said, plus we needed to follow the freeze exception process which requires a different description and some other things. I didn't want to hijack the other bug but I also wanted to make it clear that this bug addresses that one by marking it as a duplicate. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
@jeremy, Joshua wasn't aware of bug 1054677 when he created this one, I alerted him to the duplicate and suggested he set one as dupe of the other, either way round. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
Why did you open this bug and mark the already reported bug a duplicate of this? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: unity-lens-shopping (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1055649] Re: [FFE] Change from http to https and verify cert
Can you provide a diff/branch for this change? By the description you give so far, it sounds like a bugfix to me more than a feature change. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055649 Title: [FFE] Change from http to https and verify cert To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity-lens-shopping/+bug/1055649/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs