pa...@quillandmouse.com wrote:
>
> Okay. Let's open this can of worms. The ONLY reason https is used on
> most sites is because Google *mandated* it years ago. ("Mandate" means
> we'll downgrade your search ranking if you don't use https.) There is
> otherwise no earthly reason to have an encrypted connection to a web
> server unless there is some exchange of private information between you
> and the server.
... and because Let's Encrypt made it relatively easy,
monetarily free, and automated.
> "insecure". Though, in truth, the integrity of Debian server contents
> wouldn't be changed in the slightest whether the connection was
> encrypted or not.
It's nice not to be telling everyone who can sniff a plaintext
connection which packages you are installing, and prevents those
people from trivially substituting trojan horses.
-dsr-
