
Re: Repository Link are NOT https://



 ❦  September 3, 2015 17:03 -0700, Russ Allbery <rra@debian.org>:

>> I have discovered that none of the repository links is https:// . Is it
>> not safer to use only https:// connections?
>
>> And as well the download of a debian distro is only http:// .
>
>> Sorry to say that but nearly all other distros used for the download
>> link https:// . But as repository links they all used only http://
>> connections like debian.
>
> It doesn't matter for the integrity of the packages.  APT does a much
> stronger validation via a public key signature and doesn't rely on
> transport security at all.

There is still the initial ISO image that would benefit from HTTPS
because the user may not verify the GPG signature. Maybe
cdimage.debian.org could be switched to HTTPS?
-- 
But, for my own part, it was Greek to me.
		-- William Shakespeare, "Julius Caesar"
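
Added example, not part of the original message or of any Debian tooling: the manual image check the thread refers to, where the signature on a checksum manifest is verified first and the image is then compared against its entry. The file names SHA256SUMS and SHA256SUMS.sign, the single-directory layout, the keyring path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: verify a downloaded image against a signed checksum manifest.
# Assumed layout (not from the thread): SHA256SUMS, SHA256SUMS.sign and the
# image sit in one directory; the keyring file holds only the signing key
# you trust, obtained and fingerprint-checked out of band.

# Step 1: check the detached signature on the manifest.
# gpgv accepts exactly the keys in the keyring it is given, nothing else,
# so a signature from some other key in a personal keyring cannot pass.
verify_manifest_sig() {
    keyring=$1 dir=$2
    gpgv --keyring "$keyring" "$dir/SHA256SUMS.sign" "$dir/SHA256SUMS"
}

# Step 2: compare the image with its line in the manifest.
# Returns 0 on match, 1 on mismatch, 2 if the image is not listed at all
# (an unlisted file must never be treated as verified).
check_image_hash() {
    dir=$1 image=$2
    # Manifest lines are "<hash>  <name>" or "<hash> *<name>" (binary mode).
    expected=$(awk -v f="$image" \
        '{ n = $2; sub(/^\*/, "", n) } n == f { print $1; exit }' \
        "$dir/SHA256SUMS")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$dir/$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Both steps must pass: a matching hash under an unverified manifest proves
# nothing, because whoever altered the image could alter the manifest too.
verify_image() {
    keyring=$1 dir=$2 image=$3
    verify_manifest_sig "$keyring" "$dir" && check_image_hash "$dir" "$image"
}
```

When both steps pass, the result does not depend on whether the files arrived over http:// or https://; the trust anchor is the key in the keyring.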
