> The phrasing of your first two sentences in your first post makes it sound like you're dismissing the security issue.

Genuine question, How does it sound like I'm dismissing it? My first sentence begins with the the phrase

> I don't like that the executable's update URL is using just plain HTTP

And my second sentence

> Whether you agree with whether this rule should be out-of-scope or not is a separate issue.

which, with context that AMD reported MITM as out-of-scope, clearly indicates that I think of it as an issue, albeit, a separate one from the one the author already reported.