Alfie John wrote: > Taking a look at the Debian mirror list, I see none serving over HTTPS: > > https://www.debian.org/mirror/list
https://mirrors.kernel.org/debian is the only one I know of. It would be good to have a few more, because there are situations where debootstrap is used without debian-archive-keyring being available, and recent versions of debootstrap try to use https in that situation, to at least get the weak CA level of security. -- see shy jo
signature.asc
Description: Digital signature