several plugins use insecure http in account setup

I had already asked about sina and sohu, those require http. I don't know about flickr off hand.

If sina and sohu require http, then I suggest they be disabled or not in main (and therefore not installed by default).

As for flickr, it is connecting to yahoo and I know that GOA uses https with its yahoo backend.

The flickr API[1] says http, I tried patching it to use https and in fact got a 404 error.

1. http://www.flickr.com/services/api/auth.oauth.html

nothing in main will depend on the sina or sohu plugins, but flickr likely will. It doesn't auth against yahoo, it has it's own oauth API.

Ok, I looked into this a bit more:
 * flickr only uses http to do the oath bits and delivers no html over http (it does that over https). However, http://www.flickr.com/services/api/misc.overview.html says that https://secure.flickr.com/services is a valid endpoint, so I would prefer to use that if possible
 * sino and sohu are both confirmed to deliver html over http. These should be disabled or universe only

This bug was fixed in the package account-plugins - 0.5-0ubuntu3

---------------
account-plugins (0.5-0ubuntu3) quantal; urgency=low

  * debian/patches/lp_1037169.patch
    - Use the secure end point for flickr (LP: #1037169)
 -- Ken VanDine <email address hidden> Wed, 15 Aug 2012 14:49:05 -0400

(subscribing canonical-desktop-team rather than ubuntu-desktop to avoid spamming the ubuntu-desktop mailing list with bug comments)

Actually, sina seems to support https:

http://open.weibo.com/wiki/Oauth2

since this bug is already in released state, I filed a new one, just for the sina plugin:

https://bugs.launchpad.net/online-accounts-account-plugins/+bug/1038871