Bug#992692: general: Use https for {deb,security}.debian.org by default
On Thu, 2 Sep 2021 21:26:11 +0200
Simon Richter <sjr@debian.org> wrote:
> The TLS layer is not part of the security model, so we'd be teaching
> users to look for the wrong thing, kind of like the "encrypted with SSL"
> badges on web pages in the 90ies.
Is there any strong reason to use HTTP than HTTPS now?
Should we teach all our users (including non-tech) about "Secure APT"
mechanism?
And I said about only deb.debian.org and security.debian.org, and
just "default" - it means it does provide http access too.
--
Regards,
Hideki Yamane henrich @ debian.org/iijmio-mail.jp
Reply to: