Viewing a single comment thread. View all comments

jadedctrl wrote (edited )

I mean, server-side, it should be no problem to offer both http and https, unless you're using some over-complicated infrastructure. then again, apt itself is over-complicated, jajaja.

anyway, https should be the default, period. even in cases where snooping is still perfectly simple (file-size, etc.), it gives even a modicum more of privacy, and at least makes the snoop's life slightly more annoying.

you know how using unencrypted ssh is practically rocket surgery when you run up-to-date software, like it never existed in the first place? that's where we should be with http.