Bug#912956: ttf-mscorefonts-installer: Should use https URLs

[Christoph Anton Mitterer]

Hey.

Why would it be best to use HTTPS?

TLS alone, with its broken CA ecosystem, doesn't give any real
security... and the downloaded files have their hash sums already
verified (which is the real thing that gives security and trust here)
by the downloader.

The only thing one gets is an additional dependency on CA certificates
and problems like when certs would expire.


Cheers,
Chris-

Bug#912956: ttf-mscorefonts-installer: Should use https URLs

[Christian Marillat]

Package: ttf-mscorefonts-installer
Version: 3.7
Severity: normal

Dear Maintainer,

The best would be to uses https URLs and uses https_proxy instead of https_proxy

Christian

-- System Information:
Debian Release: buster/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.78 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ttf-mscorefonts-installer depends on:
ii  cabextract 1.6-1.1
ii  debconf [debconf-2.0]  1.5.69
ii  wget   1.19.5-2
ii  xfonts-utils   1:7.7+6

Versions of packages ttf-mscorefonts-installer recommends:
pn  fonts-liberation  

ttf-mscorefonts-installer suggests no packages.

-- debconf information:
  msttcorefonts/dldir:
  msttcorefonts/http_proxy:
  msttcorefonts/dlurl:
  msttcorefonts/savedir:
  msttcorefonts/baddldir: