Public bug reported:

Hello dear Canonical team,

the offered Thunderbird snap uses only HTTPS to secure the download of 
Thunderbird itself and its language packs. At least I found this snapcraft.yaml 
proving it:
https://git.launchpad.net/~desktop-snappers/thunderbird/+git/snap/tree/snapcraft.yaml?h=stable

Due to recent attacks against HTTPS by changing network routes and
creating new trusted certificates for official domains [1], HTTPS alone
is not trustworthy anymore. Could you please integrate a check of the
SHA512SUMS (an additional GPG check would be the best of course but is
maybe not so easy to implement) after downloading Thunderbird itself and
all the language packs? The same is already done for the Chromium snap
as far as I could see.

Thank you very much!

[1] https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600

** Affects: thunderbird (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: hash snap thunderbird

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1965664

Title:
   Safer way to build Thunderbird snap

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1965664/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
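
The check requested in the report above, sketched as an added example; it is not code from the bug report or from the snap's build recipe. The function name verify_from_sums, the entry name and the file contents are constructed for illustration, and the checksum list is assumed to be in sha512sum output format.

```shell
#!/bin/sh
# Added example (not from the bug report or the snap's build recipe).
# verify_from_sums SUMS_FILE ENTRY_NAME LOCAL_FILE
#   SUMS_FILE   checksum list in sha512sum format: "<128 hex digits>  <name>"
#   ENTRY_NAME  artifact name exactly as listed in SUMS_FILE
#   LOCAL_FILE  downloaded file on disk
# Returns 0 on match, 1 on digest mismatch, 2 on missing input,
# 3 when there is no unique, well-formed entry (fail closed).
verify_from_sums() {
    sums_file=$1 entry=$2 local_file=$3
    [ -r "$sums_file" ] && [ -r "$local_file" ] || { echo "missing input" >&2; return 2; }

    # Compare the whole name field, so "de.xpi" never matches "xpi/de.xpi".
    # The optional "*" is sha512sum's binary-mode marker.
    expected=$(awk -v want="$entry" '
        { name = $0; sub(/^[0-9A-Fa-f]+[ \t]+\*?/, "", name) }
        name == want { n++; digest = tolower($1) }
        END { if (n == 1 && length(digest) == 128 && digest ~ /^[0-9a-f]+$/) print digest }
    ' "$sums_file")
    [ -n "$expected" ] || { echo "no unique valid entry for $entry" >&2; return 3; }

    actual=$(sha512sum "$local_file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "SHA512 mismatch for $entry" >&2; return 1; }
}

# Constructed demo: a fake artifact and checksum list in a temp directory.
demo_verify() {
    d=$(mktemp -d) || return 1
    name=linux-x86_64/en-US/app.tar.bz2          # constructed entry name
    printf 'constructed artifact bytes\n' > "$d/app.tar.bz2"
    h=$(sha512sum "$d/app.tar.bz2" | awk '{ print $1 }')
    printf '%s  %s\n' "$h" "$name" > "$d/SHA512SUMS"
    ok=0;  verify_from_sums "$d/SHA512SUMS" "$name" "$d/app.tar.bz2" || ok=$?
    printf 'tampered\n' >> "$d/app.tar.bz2"      # simulate a modified download
    bad=0; verify_from_sums "$d/SHA512SUMS" "$name" "$d/app.tar.bz2" 2>/dev/null || bad=$?
    rm -rf "$d"
    echo "intact=$ok tampered=$bad"
}
demo_verify
```

A checksum list fetched over the same channel as the artifact only detects corruption; against a network attacker the list has to be authenticated separately, for example by verifying its signature or by pinning the expected digest in the build recipe.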
