Hola,

On Fri, Oct 12, 2018 at 01:44:55PM -0500, Jonathan Stewart wrote:
> I had to install apt-transport-https on debian 9 to reach the
> repositories.
> 
> Personally, I was more surprised debian didn't support HTTPS by
> default rather than surprised that BIRD is deprecating HTTP.  The
> deprecation of HTTP is happening everywhere.

The integrity of debian packages is guaranteed by their hash
in the Packages file which is signed by a gpg signature.
So https is not needed for integrity and fetching from
a debian mirror does not need confidentiality.

https has the disadvantage of not being cacheable. For large
container/vm deployments that means that every request
hits the debian infrastructure unless you create a full
mirror. So not enabling https or better continue
to offer http is a well-thought-out decision.

Flo
-- 
Florian Lohoff                                                 [email protected]
        UTF-8 Test: The 🐈 ran after a 🐁, but the 🐁 ran away

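The hash chain described in the message above, as an added example that is not part of the original mail or of APT's own code: the signed Release file lists the SHA256 of the Packages index, and the Packages index lists the SHA256 of each .deb. It assumes the Release signature was already checked with gpgv against the archive key; the package name, version, paths and all data are constructed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_release(text: str) -> dict:
    """Return {path: (sha256, size)} from the 'SHA256:' section of a Release file."""
    entries, in_sha = {}, False
    for line in text.splitlines():
        if line.startswith("SHA256:"):
            in_sha = True
        elif in_sha and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_sha = False
    return entries

def parse_packages(text: str) -> dict:
    """Return {package: {field: value}} from a Packages index (simplified parser)."""
    pkgs = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines()
                      if ": " in l and not l.startswith(" "))
        pkgs[fields["Package"]] = fields
    return pkgs

def verify_chain(release_text, index_path, packages_bytes, name, deb_bytes) -> str:
    """Walk Release -> Packages -> .deb; Release is assumed already signature-checked."""
    digest, size = parse_release(release_text)[index_path]
    if len(packages_bytes) != size or sha256(packages_bytes) != digest:
        return "index mismatch"      # mirror or proxy altered the Packages file
    meta = parse_packages(packages_bytes.decode())[name]
    if len(deb_bytes) != int(meta["Size"]) or sha256(deb_bytes) != meta["SHA256"]:
        return "package mismatch"    # the .deb differs from what the index promises
    return "ok"

# Constructed sample data standing in for what a plain-http mirror would serve.
INDEX_PATH = "main/binary-amd64/Packages"
DEB = b"constructed stand-in for a .deb archive"
PACKAGES = (f"Package: bird\nVersion: 0.0-constructed\n"
            f"Filename: pool/main/b/bird/bird_constructed.deb\n"
            f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n").encode()
RELEASE = f"Suite: constructed\nSHA256:\n {sha256(PACKAGES)} {len(PACKAGES)} {INDEX_PATH}\n"

if __name__ == "__main__":
    print(verify_chain(RELEASE, INDEX_PATH, PACKAGES, "bird", DEB))
```

A .deb modified in transit fails the second check, and a Packages file rewritten to match it fails the first, so the transport does not have to be trusted for integrity.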