Results 1 to 2 of 2

Thread: Regarding lack of HTTPS support

  1. #1
    Join Date
    May 2024

    Regarding lack of HTTPS support

    Regarding the lack of HTTPS support for Ubuntu, how can we address security concerns and ensure the integrity of downloaded files from the "" domain? Is there a recommended verification process in such cases?

  2. #2
    Join Date
    Jul 2013

    Re: Regarding lack of HTTPS support

    One assumes you are trying to complain about vulnerability to a man-in-the-middle attack from an http (not https) apt mirror.

    1. There are https mirrors. You are welcome to use one of those. See for the list.

    2. The "recommended verification process" is to use apt. Apt will warn you if a package has unexpected size, wrong hash, or other suspicious characteristics. The Debian apt+repository system of automatically verifying each downloaded package is over 25 years old. It existed before https. It was (and is) secure without https.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts