Comment 3 for bug 2011527

With the patched version, there is no leak about the destination but only mirror.archive.ubuntu.com was used for GET requests.

$ sudo octavia-diskimage-retrofit -d \
    -m 'deb http://mirror.archive.ubuntu.com/ubuntu jammy main universe\ndeb http://mirror.archive.ubuntu.com/ubuntu jammy-security main universe\ndeb http://mirror.archive.ubuntu.com/ubuntu jammy-updates main universe' \
    jammy-server-cloudimg-amd64.img \
    ubuntu-amphora-haproxy-amd64.qcow2 \
    |& tee octavia-diskimage-retrofit_patched.log

$ egrep -o '[a-z.]+\.ubuntu\.com' octavia-diskimage-retrofit_patched.log | sort | uniq -c
     12 archive.ubuntu.com
    239 mirror.archive.ubuntu.com
      6 security.ubuntu.com

archive.ubuntu.com and security.ubuntu.com are just about the existing cache in the original cloud image to be converted as:

> /sysroot/subroot/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_jammy-security_main_i18n_Translation-en