Comment 27 for bug 1464064

And now we have CVE-2019-3462 to remind us that running security critical software running as a privileged user downloading data that will be parsed, decoded, and acted upon from a trusted location (ie Ubuntu's official mirror locations), but without a TLS layer to provide identification, authentication, confidentiality, and integrity validation is a bad idea.