On Thu, 2 Sep 2021 21:26:11 +0200 Simon Richter <s...@debian.org> wrote: > The TLS layer is not part of the security model, so we'd be teaching > users to look for the wrong thing, kind of like the "encrypted with SSL" > badges on web pages in the 90ies.
Is there any strong reason to use HTTP than HTTPS now? Should we teach all our users (including non-tech) about "Secure APT" mechanism? And I said about only deb.debian.org and security.debian.org, and just "default" - it means it does provide http access too. -- Regards, Hideki Yamane henrich @ debian.org/iijmio-mail.jp