[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#992692: general: Use https for {deb,security}.debian.org by default

On Thu, 2 Sep 2021 21:26:11 +0200
Simon Richter <sjr@debian.org> wrote:
> The TLS layer is not part of the security model, so we'd be teaching 
> users to look for the wrong thing, kind of like the "encrypted with SSL" 
> badges on web pages in the 90ies.

 Is there any strong reason to use HTTP than HTTPS now?
 Should we teach all our users (including non-tech) about "Secure APT"

 And I said about only deb.debian.org and security.debian.org, and
 just "default" - it means it does provide http access too.


 Hideki Yamane     henrich @ debian.org/iijmio-mail.jp

Reply to: