Re: Repository Link are NOT https://

2015-09-03 Thread Paul Wise
On Fri, Sep 4, 2015 at 7:20 AM, Vincent Bernat wrote: > There is still the initial ISO image that would benefit from HTTPS > because the user may not verify the GPG signature. Maybe > cdimage.debian.org could be switched to HTTPS? cdimage.d.o is just a redirector so that isn't going to help unles

Re: Repository Link are NOT https://

2015-09-03 Thread Vincent Bernat
❦ 3 septembre 2015 17:03 -0700, Russ Allbery  : >> I have discovered that non of the repository links is https:// . Is it >> not safer to use only https:// connections. > >> And as well the download of a debian distro is only http:// . > >> Sorry to say that but nearly all other distros used for

Re: Repository Link are NOT https://

2015-09-03 Thread Russ Allbery
tom writes: > I have discovered that non of the repository links is https:// . Is it > not safer to use only https:// connections. > And as well the download of a debian distro is only http:// . > Sorry to say that but nearly all other distros used for the downlaod > link https:// . But as repo

Re: Repository Link are NOT https://

2015-09-03 Thread Florian Weimer
* tom: > I have discovered that non of the repository links is https:// . Is it > not safer to use only https:// connections. https:// is meaningless for package downloads because anyone can run a mirror and see the requests directly, even if they are transport-encrypted with HTTPS. APT uses Gnu

Re: Repository Link are NOT https://

2015-09-03 Thread Ben Hutchings
On Thu, 2015-09-03 at 19:05 +0200, tom wrote: > Hi, > > I have discovered that non of the repository links is https:// . Is it > not safer to use only https:// connections. > > And as well the download of a debian distro is only http:// . > > Sorry to say that but nearly all other distros used f

Re: Repository Link are NOT https://

2015-09-03 Thread Nextime
On September 3, 2015 7:05:29 PM CEST, tom wrote: >Hi, > >I have discovered that non of the repository links is https:// . Is it >not safer to use only https:// connections. > >And as well the download of a debian distro is only http:// . > >Sorry to say that but nearly all other distros used for t

Repository Link are NOT https://

2015-09-03 Thread tom
Hi, I have discovered that non of the repository links is https:// . Is it not safer to use only https:// connections. And as well the download of a debian distro is only http:// . Sorry to say that but nearly all other distros used for the downlaod link https:// . But as repository links they a