janl, thanks for the response!
I've forwarded the bug to ubuntu-ser...@lists.ubuntu.com for further
discussion. It may be a good candidate for a future spec in Ubuntu, but
I'd like to hear the wider opinion.
Given that, for now I'm marking the bug as Opinion. If it looks like we
will do this, we
I have tried to come up with some very good solutions, but it appears
that we must lay (another) burden on packagers to realize this.
1) If an authenticating web app foo is installed and SSL is not
installed then "secure by default" tells us that the user should see a
splash page explaining that i
Hi Janl. This is just a reminder to come back and answer the questions
posed in comment #2.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/695857
Title:
ssl protection not default for sensitive packag
Hi janl. This makes a lot of sense, and it just needs some questions
answered before it can go into the confirmed wishlist:
1) If SSL is not installed, but somebody installs webapp foo, should we
then go ahead and allow it to be served via clear HTTP? SSL requires
some setup and possibly acquirin
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/695857
Title:
ssl protection not default for sensitive pa
