You are not logged in.
@mmaglis . . . Thanks for taking the initiative to find that. I knew it existed and was going to suggest searching for it but thought better of it since I was not inclined to do so myself. IIUC (that's certainly not a given), all the packages are signed so should be secure even without https.
Offline
Ideas?
Firewall?
And I think this should have it's own thread, hi-jacking an official announcement thread seems a bit rude.
“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII, 18.
Offline
Note that the apt-transport-https package is needed to take advantage of https sources.
this is only required in ascii. since apt >1.5 (beowulf) it's already included in apt, and that package is just transitional & can go away
Offline
tails uses only https iirc : https://tails.boum.org/contribute/how/mirror/
and their RR still fails, just like devuan : eg. https://dl.amnesia.boum.org/
that makes sense, otherwise devuan would have to share private keys with mirrors, which is of course out of the question.
about https://deb.debian.org , i think it only has one -sponsored- mirror and that's why it works ok.
in all mirror cases i've seen so far, if you want to use apt through https, pick a mirror that supports it..
Offline