Bug#1068714: packages.debian.org: Please make links to deb.debian.org use HTTPS instead of HTTP

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1068714: packages.debian.org: Please make links to deb.debian.org use HTTPS instead of HTTP
From: Pierre-Elliott Bécue <peb@debian.org>
Date: Tue, 09 Apr 2024 17:25:26 +0200
Message-id: <[🔎] 171267632616.606639.2879704729255374686.reportbug@metal.pimeys.fr>
Reply-to: Pierre-Elliott Bécue <peb@debian.org>, 1068714@bugs.debian.org

Package: www.debian.org
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Hello,

In packages.debian.org, links pointing to the different source files
useful for a package are pointing to deb.debian.org via HTTP (not HTTPS)
links.

See https://packages.debian.org/bookworm/python3-pep517, which points
for [pep517_0.13.0-2.debian.tar.xz] to
http://deb.debian.org/debian/pool/main/p/pep517/pep517_0.13.0-2.debian.tar.xz

In these times of supply chain attack reveals etc, I think we would be
best to give HTTPS links.

Regards,
-- 
PEB

Reply to:

Prev by Date: Processed: merging 997077 1039982
Next by Date: Re: Bug#987943: www.debian.org: Developers Reference: Sphinx search non-functional: searchindex.js missing
Previous by thread: Processed: merging 997077 1039982
Next by thread: Bug#872944: #872944 www.debian.org: Remove JavaScript from Policy Manual published on web mirrors
Index(es):
- Date
- Thread