← Back to team overview

ubuntustudio-bugs team mailing list archive

  1. ubuntustudio-bugs team
  2. Mailing list archive
  3. Message #09811

[Bug 1862428] Re: HTTPS required by Chrom/ium for future downloading

  Thread PreviousDate PreviousThread Next 
The https://lubuntu.me/downloads page has been updated to reflect the
https links to cdimage.ubuntu.com

** Changed in: lubuntu-website
   Importance: Undecided => High

** Changed in: lubuntu-website
     Assignee: (unassigned) => Dan Simmons (kc2bez)

** Changed in: lubuntu-website
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Studio Bugs, which is subscribed to The Ubuntu Studio Project.
Matching subscriptions: UbuntuStudio Bugs
https://bugs.launchpad.net/bugs/1862428

Title:
  HTTPS required by Chrom/ium for future downloading

Status in Kubuntu Website:
  New
Status in Lubuntu Website:
  Fix Released
Status in Ubuntu CD Images:
  Fix Released
Status in Ubuntu MATE:
  New
Status in Ubuntu Studio Website:
  New
Status in Xubuntu Website:
  Fix Released

Bug description:
  Chromium has announced [1] that they will "ensure that secure (HTTPS)
  pages only download secure files. .. we’ll start blocking ... non-
  HTTPS downloads started on secure pages".  I also reached out and they
  confirmed our current download process will be impacted.

  The relevant timeline for ISOs are (changed due to covid):
  today - Chrome 81 (and derivatives) shows the console warnings
  user visible warning to be displayed for Chrome 84, which just landed in beta

  Impacted:
  This impacts the following secure websites that have downloads to cdimage that will break:
  ubuntu.com - Releases.ubuntu.com was upgraded to https and the main desktop link appears to use it, many other links use cdimage still though.
  ubuntubudgie.org
  ubuntu-mate.org
  kubuntu.org
  lubuntu.me
  ubuntukylin.com - upgraded to HTTPS (does mirror redirect, which choose an https mirror in my testing) - needs further testing.

  Not secure so not impacted today*: ubuntustudio.org,

  Good:
  xubuntu.org - Fixed, links to torrent site with HTTPS. Links to a folder on mirrors not directly to the ISO - which in my testing does not cause a warning.

  [1] https://blog.chromium.org/2020/02/protecting-users-from-insecure.html
  * But new warnings just loading an insecure site are coming

To manage notifications about this bug go to:
https://bugs.launchpad.net/kubuntu-website/+bug/1862428/+subscriptions
  Thread PreviousDate PreviousThread Next