#1008652 mirrors must support also HTTPS in order to be considered official

Package:
mirrors
Source:
mirrors
Submitter:
Hans-Christoph Steiner
Date:
2022-03-30 13:51:04 UTC
Severity:
wishlist
#1008652#5
Date:
2022-03-30 07:11:49 UTC
From:
To:
Since the beginning of F-Droid, we have required that official package repos and
mirrors use HTTPS.  We have encouraged all of them to have HTTPS.  I think
Debian should do the same.  There are already very many Debian mirrors that do
support HTTPS, here's a script to find them:
https://gist.github.com/HacKanCuBa/e3a998d68a82f81dbf11f2cce4f26d04

If all Debian official mirrors supported HTTPS, then it would be much easier for
Debian systems to default to using HTTPS for apt repos.  This is related to:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992692

#1008652#10
Date:
2022-03-30 08:29:17 UTC
From:
To:
Control: retitle -1  mirrors must support also HTTPS in order to be considered official

Quoting https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992692#37

  This change is more about recognizing HTTPS as the primary transport
  protocol for the modern Web, not sending mixed signals regarding the
  general security risks posed by plain HTTP when used for unrelated
  purposes, and no longer needing to repeatedly explain to users that
  Debian has gone to great lengths to implement package distribution
  security which doesn't really depend at all on transport layer
  encryption.



Original Subject: mirrors must support HTTPS in order to be considered official
should have been: mirrors must support also HTTPS in order to be considered official

I have retitled this wishlist bugreport accordingly to make
more clear that the wish is about **adding** another transport protocol,
not about **switching** transport protocol.


Groeten
Geert Stappers