* tom:

> I have discovered that non of the repository links is https:// . Is it
> not safer to use only https:// connections.

https:// is meaningless for package downloads because anyone can run a
mirror and see the requests directly, even if they are
transport-encrypted with HTTPS.

APT uses GnuPG to verify a signature on the repository, and chains
hashes from there, down to individual .deb files.

Reply via email to