And for HTTPS CDNs, this is one good option: deb https://deb.debian.org/debian-security/ jessie/updates main
In any case, thanks for this bug report! The writing is on the wall: Debian needs transport security by default.
- Bug#863317: workaround Hans-Christoph Steiner
- Bug#863317: workaround Hans-Christoph Steiner
- Bug#863317: workaround Hans-Christoph Steiner
