[20:50] <tomreyn> in #lubuntu-de, someone asked whether it's safe to download the cdimage.ubuntu.com hosted bittorrent file, because their Firefox browser had warned them about downloading this file over plain HTTP.
[20:52] <tomreyn> all hosts cdimage.ubuntu.com resolves to (for me) have a DNS PTR record which includes "https-services". would it make sense to link to all cdimage.ubuntu.com downloads via HTTPS instead?
[20:53] <lubot_> [telegram] <kc2bez> Thanks tomreyn I will work on fixing that.
[20:53] <lubot_> [telegram] <lynorian> should I do so for the manual as well?
[20:57] <lubot_> [telegram] <kc2bez> I think so, yes.
[21:01] <tomreyn> thanks
[21:11] <tomreyn> And you might want to set some additional HTTP headers (if that's something you can do - sorry if i asked before): https://securityheaders.com/?q=https%3A%2F%2Flubuntu.me%2F&hide=on&followRedirects=on
[21:11] <tomreyn> Content-Security-Policy can require some testing, the others should be painless.
[21:16] <lubot_> [telegram] <kc2bez> I don't have access to change that. @teward001 might.
[21:17] <lubot_> [telegram] <kc2bez> The download links should be updated now.
[23:46] <lubot_> [telegram] <teward001> lubuntu.me itself runs on marcos server and i need to find ssh creds again