Public bug reported:

geoip.ubuntu.com allows for HTTPS now; tzsetup/geoip_server should use https://geoip.ubuntu.com/lookup to prevent MITM location information disclosure.

A complication is that the d-i server variant (possibly others, but not e.g. desktop LiveCD) does not appear to have a certificate store, so wget will fail against this. I *think* pulling in ca-certificates-udeb would solve this, but I haven't been able to test.

Note also that ubiquity uses geoname-lookup for city searching; that is covered by https://code.launchpad.net/~fo0bar/ubiquity/geoname-use-https/+merge/335568 .

** Affects: tzsetup (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1739838

Title:
  geoip.ubuntu.com should use HTTPS

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
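A preflight check for the two conditions this report raises, as an added example that is not part of the original report or of tzsetup: it reads the tzsetup/geoip_server value from a preseed file and confirms that a CA bundle is present, since HTTPS only prevents the MITM disclosure if wget can verify the server certificate. The preseed file, the bundle path argument and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report or tzsetup).
# Assumed names: geoip_server_from_preseed, audit_geoip, and both file arguments.

# Print the value preseeded for tzsetup/geoip_server, if any.
# Preseed line format: <owner> <question> <type> <value>
# Lines whose first field starts with '#' are treated as comments.
geoip_server_from_preseed() {
    awk '$1 !~ /^#/ && $2 == "tzsetup/geoip_server" { print $4; exit }' "$1"
}

# Usage: audit_geoip PRESEED_FILE [CA_BUNDLE]
# Prints one verdict and returns a matching status:
#   ok          (0)  HTTPS URL and a CA bundle that holds certificates
#   plaintext   (1)  URL is not https://, lookups are exposed to a MITM
#   no-ca-store (2)  HTTPS URL but nothing to verify the certificate with,
#                    so wget would fail (the complication in the report)
#   unset       (3)  no preseeded value; the installer's built-in default
#                    applies and is not visible to this check
audit_geoip() {
    preseed=$1
    # Default is the usual Debian/Ubuntu bundle location.
    ca_bundle=${2:-/etc/ssl/certs/ca-certificates.crt}
    url=$(geoip_server_from_preseed "$preseed")

    case $url in
        "")        echo unset; return 3 ;;
        https://*) ;;
        *)         echo plaintext; return 1 ;;
    esac

    # The bundle must exist, be non-empty and contain at least one PEM block.
    if [ ! -s "$ca_bundle" ] || ! grep -q 'BEGIN CERTIFICATE' "$ca_bundle"; then
        echo no-ca-store
        return 2
    fi
    echo ok
}
```

Run inside the installer environment, or against an unpacked initrd by passing the bundle path from that tree as the second argument.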