← Back to team overview

ubuntustudio-bugs team mailing list archive

  1. ubuntustudio-bugs team
  2. Mailing list archive
  3. Message #09845

[Bug 1862428] Re: HTTPS required by Chrom/ium for future downloading

  Thread PreviousDate PreviousThread Next 
** Description changed:

  Chromium has announced [1] that they will "ensure that secure (HTTPS)
  pages only download secure files. .. we’ll start blocking ... non-HTTPS
  downloads started on secure pages".  I also reached out and they
  confirmed our current download process will be impacted.
  
  The relevant timeline for ISOs are (changed due to covid):
  today - Chrome 81 (and derivatives) shows the console warnings
  user visible warning to be displayed for Chrome 84, which just landed in beta
  
- Impacted:
  This impacts the following secure websites that have downloads to cdimage that will break:
- ubuntu.com - Releases.ubuntu.com was upgraded to https and the main desktop link appears to use it, many other links use cdimage still though.
- ubuntubudgie.org
+ kubuntu.org - tried contacting via IRC also.
+ 
+ Good / Fixed:
+ lubuntu.me
  ubuntu-mate.org
- kubuntu.org
- lubuntu.me
- ubuntukylin.com - upgraded to HTTPS (does mirror redirect, which choose an https mirror in my testing) - needs further testing.
+ xubuntu.org - Fixed, links to torrent site with HTTPS. Links to a folder on mirrors not directly to the ISO - which in my testing does not cause a warning.
+ ubuntustudio.org - not secure but ISO links are https.
+ ubuntubudgie.org - fixed in https://github.com/UbuntuBudgie/Website/issues/52
+ ubuntukylin.com - upgraded to HTTPS (does mirror redirect, which choose an https mirror in my testing)
+ ubuntu.com - all links I found look good
  
- Not secure so not impacted today*: ubuntustudio.org,
- 
- Good:
- xubuntu.org - Fixed, links to torrent site with HTTPS. Links to a folder on mirrors not directly to the ISO - which in my testing does not cause a warning.
  
  [1] https://blog.chromium.org/2020/02/protecting-users-from-insecure.html
  * But new warnings just loading an insecure site are coming

-- 
You received this bug notification because you are a member of Ubuntu
Studio Bugs, which is subscribed to The Ubuntu Studio Project.
Matching subscriptions: UbuntuStudio Bugs
https://bugs.launchpad.net/bugs/1862428

Title:
  HTTPS required by Chrom/ium for future downloading

Status in Kubuntu Website:
  New
Status in Lubuntu Website:
  Fix Released
Status in Ubuntu CD Images:
  Fix Released
Status in Ubuntu MATE:
  Fix Released
Status in Ubuntu Studio Website:
  Fix Released
Status in Xubuntu Website:
  Fix Released

Bug description:
  Chromium has announced [1] that they will "ensure that secure (HTTPS)
  pages only download secure files. .. we’ll start blocking ... non-
  HTTPS downloads started on secure pages".  I also reached out and they
  confirmed our current download process will be impacted.

  The relevant timeline for ISOs are (changed due to covid):
  today - Chrome 81 (and derivatives) shows the console warnings
  user visible warning to be displayed for Chrome 84, which just landed in beta

  This impacts the following secure websites that have downloads to cdimage that will break:
  kubuntu.org - tried contacting via IRC also.

  Good / Fixed:
  lubuntu.me
  ubuntu-mate.org
  xubuntu.org - Fixed, links to torrent site with HTTPS. Links to a folder on mirrors not directly to the ISO - which in my testing does not cause a warning.
  ubuntustudio.org - not secure but ISO links are https.
  ubuntubudgie.org - fixed in https://github.com/UbuntuBudgie/Website/issues/52
  ubuntukylin.com - upgraded to HTTPS (does mirror redirect, which choose an https mirror in my testing)
  ubuntu.com - all links I found look good

  
  [1] https://blog.chromium.org/2020/02/protecting-users-from-insecure.html
  * But new warnings just loading an insecure site are coming

To manage notifications about this bug go to:
https://bugs.launchpad.net/kubuntu-website/+bug/1862428/+subscriptions
  Thread PreviousDate PreviousThread Next