On Sun, Oct 16, 2016 at 2:03 AM, Paul Tagliamonte wrote:
> So, when are we going to push this? If not now, what criteria need to be
> met? Why can't we https-ify the default CDN mirror today?
Exactly what actions do you mean by this?
Debian does not control what mirror operators do, they are free to add
https or not. Some do but most don't.
httpredir.d.o is not well maintained, but it could theoretically
support https if someone cared about it.
deb.d.o is backed by two commercial CDNs, see Tollef's mail about that.