Peter Lawler:
>
> On 18/12/16 22:03, Christoph Moench-Tegeder wrote:
>> second point requires a lot of work
>> to resolve.
>>
>> Regards,
>> Christoph
>>
>
> Monday morning yet-to-be-caffeinated thoughts...
>
> I'm going to ignore the 'inconvenience' because I think in this case
> that's a specious argument.
>
> I acknowledge there's a bucketload of work to implement this. Just gets
> me to thinking, staging a switch over may be better. E.g., a new apt
> config for https as either 'required', 'desired' and 'off'. This reduces
> the initial workload. Start with the default 'off', then at some future
> release move to 'desired' then 'required'.
>
> Further, I suggest perhaps an automated survey of the major mirrors to
> find which ones already support https may be in order. Perhaps the
> resultant data could be used by the apt-transport-https package for now,
> as well as deciding when the above mentioned switch over might occur.
>
> As I say, decaffeinated Monday morning thoughts.

Here's a script I wrote to do just that, find all Debian mirrors that support HTTPS: https://gist.github.com/eighthave/7285154

.hc
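The staged 'off' / 'desired' / 'required' setting and the mirror survey suggested in the quoted message, sketched as an added example; it is not part of the thread, not the linked gist, and not apt's code. The three policy names come from the message, while the function names and the example.org mirrors are assumptions for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Setting values from the proposal; hypothetical, not an existing apt option.
POLICIES = ("off", "desired", "required")


class HttpsRequired(Exception):
    """Policy is 'required' and the mirror has no verified HTTPS endpoint."""


def tls_probe(host, port=443, timeout=5.0):
    """True if host completes a TLS handshake with a certificate valid for its name."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # covers refused connections, timeouts and ssl.SSLError
        return False


def survey(hosts, probe=tls_probe):
    """Survey step: map each mirror host to whether it offers verified HTTPS."""
    return {host: bool(probe(host)) for host in hosts}


def resolve_mirror(url, policy, https_hosts):
    """Return the URL to fetch from; https_hosts is a survey() result."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")
    parts = urlsplit(url)
    if policy == "off" or parts.scheme != "http":
        return url  # leave https:// and non-HTTP transports as configured
    # Only upgrade plain host names; an explicit port is not known to speak TLS.
    if parts.port is None and https_hosts.get(parts.hostname, False):
        return parts._replace(scheme="https").geturl()
    if policy == "required":
        raise HttpsRequired(f"{parts.hostname} has no verified HTTPS")  # fail closed
    return url  # 'desired' is best effort: falls back to HTTP, no downgrade protection


if __name__ == "__main__":
    # Constructed survey result; a real run would call survey(hosts) over the network.
    known = {"mirror-a.example.org": True, "mirror-b.example.org": False}
    for host in known:
        print(resolve_mirror(f"http://{host}/debian", "desired", known))
```
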