It seems to be "http" by default (at least it's ony my newly installed system). I've switched to https and everything still works.
"https" prevents someone from tempering with the users connection (e.g. man in the middle attack). However as the packages are singed anyway so https is "just" an additonal level of security. But why not use it if it comes without addtional "costs"? Regards Bruno On Sun, 2021-08-15 at 16:29 +0100, Brian Potkin wrote: > § 5.1.3 in the Release Notes has > > deb https://deb.debian.org/debian-security bullseye-security main > contrib > > Is the https (rather than http) seen as being better? I've always > used http. > > Cheers, > > Brian. >
