"I have no idea what kind of protection mechanisms there are on the signing key, and whether anyone's being bribed/hacked to give them up." so you are willing to trust any number of backdoored https CAs? There are multiple public records of backdoored CA certificates than there are of broken gpg keys.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1464064 Title: Ubuntu apt repos are not available via HTTPS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1464064/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
