I've had another look; it still looks sane to me; but given that it's network code we're importing in the bootloader, it feels like a potential source of vulnerabilities and would be better to have it checked by the Security team.
I've assigned it to ~ubuntu-security...
Please have a look at grub-code/net/http.c; which seems to be the only real source file involved (from grub2 source) into providing the module.
I've had another look; it still looks sane to me; but given that it's network code we're importing in the bootloader, it feels like a potential source of vulnerabilities and would be better to have it checked by the Security team.
I've assigned it to ~ubuntu-security...
Please have a look at grub-code/ net/http. c; which seems to be the only real source file involved (from grub2 source) into providing the module.