Should not .jigdo files be in SHA512SUMS ?

Hi, while working on my JigdoOnLive wiki page i got pointed by Paul Wise to the fact that the "https:" URLs of cdimage.debian.org files do not really protect their file content against tampering. I am quite sure that the .jigdo files get not verified by jigdo-lite beyond (possibly) the gzip check

Bug#846006: debian-cd: please provide flavor/spin netinst image for Debian Edu

version: 1.944 On Sun, Nov 27, 2016 at 06:00:00PM +0100, Holger Levsen wrote: > Package: debian-cd > [...] please provide a flavor/spin > netinst image with debian-edu-profile-udeb installed. #846003 has the > implementation details, this bug is for tracking installable media with > debian-edu-pro