Re: HTTPS needs to be implemented for updating
> Peter Lawler:
>> On 18/12/16 22:03, Christoph Moench-Tegeder wrote:
>>> second point requires a lot of work
>>> to resolve.
>> Monday morning yet-to-be-caffienated thoughts...
>> I'm going to ignore the 'inconvenience' because I think in this case
>> that's a specious argument.
>> I acknowledge there's a bucketload of work to implement this. Just gets
>> me to thinking, staging a switch over may be better. eg, a new apt
>> config for https as either 'required' 'desired' and 'off'. This reduces
>> the initial workload. Start with the default 'off', then at some future
>> release move to 'desired' then 'required'.
>> Further, I suggest perhaps an automated survey of the major mirrors to
>> find which ones already support https may be in order. Perhaps the
>> resultant data could be used by the apt-transport-https package for now,
>> as well as deciding when the above mentioned switch over might occur.
>> As I say, decaffienated Monday morning thoughts.
> Here's a script I wrote to do just that, find all Debian mirrors that
> support HTTPS:
Also, it would be really awesome if there was:
Which automatically redirected to mirrors that support HTTPS. I filed
an issue here: