lix is vulnerable to man-in-the-middle attack. Package downloads are allowed via an insecure HTTP channel after following the Location
header redirects. This allows for an attacker in a privileged network position to intercept and modify a package installation and redirect the download to a malicious source.