On Sat, 15 Apr 2023 14:01:27 +0100 Alain D D Williams <a...@phcomp.co.uk> wrote:
> On Sat, Apr 15, 2023 at 08:52:06AM -0400, Greg Wooledge wrote:
> > On Sat, Apr 15, 2023 at 01:23:05PM +0100, Brian wrote:
> > > On Sat 15 Apr 2023 at 08:11:17 -0400, pa...@quillandmouse.com wrote:
> > > > ---
> > > >
> > > > deb http://debian.uchicago.edu/debian/ bookworm main contrib non-free
> > > > deb-src http://debian.uchicago.edu/debian/ bookworm main contrib non-free
> > > >
> > > > deb http://security.debian.org/debian-security bookworm-security main contrib non-free
> > > > deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free
> > > >
> > > > ---
>
> While we are talking about this, is there any reason why all the
> http: should not be https: ?
>
> I have done this on my own machine without ill effect.
>

Okay. Let's open this can of worms.

The ONLY reason https is used on most sites is because Google *mandated* it years ago. ("Mandate" means we'll downgrade your search ranking if you don't use https.) There is otherwise no earthly reason to have an encrypted connection to a web server unless there is some exchange of private information between you and the server.

Reading through all of Google's explanations, I've never seen a satisfactory explanation for this change.

With that in mind, I believe the Debian gods did the right thing in leaving their web connections "insecure". Though, in truth, the integrity of Debian server contents wouldn't be changed in the slightest whether the connection was encrypted or not.

Paul

--
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster