Zeiha, > your repositories on "debian.org" (especially "http://security.debian.org/" > !!) are not!
This has been brought up many times on many lists; please see/search the archives in future. The files are cryptographically signed which guarantees they haven't been tampered with in transit (modulo replay attacks which are handled in a different way). The only thing adopting might provide would be some quasi- anonymity with regards to which packages you are downloading but even that is doubtful since the package sizes themselves are very revealing. In short, there's no need for SSL. Please see <https://wiki.debian.org/SecureApt> for the technical details. Regards, -- ,''`. : :' : Chris Lamb, Debian Project Leader `. `'` la...@debian.org / chris-lamb.co.uk `-