Package: www.debian.org
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Hello,

In packages.debian.org, the links pointing to the different source files useful for a package point to deb.debian.org via HTTP (not HTTPS).

See https://packages.debian.org/bookworm/python3-pep517, which points for [pep517_0.13.0-2.debian.tar.xz] to http://deb.debian.org/debian/pool/main/p/pep517/pep517_0.13.0-2.debian.tar.xz

In these times of supply chain attack revelations etc., I think it would be best to give HTTPS links.

Regards,
--
PEB
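
An added example, not part of the original report or of the packages.debian.org code: a small auditor that parses a page's anchors and lists cleartext http:// links to the archive host together with their HTTPS form. The sample HTML is constructed from the link quoted in the report, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Constructed sample modelled on the download link quoted in the report.
SAMPLE_HTML = """
<ul>
  <li><a href="http://deb.debian.org/debian/pool/main/p/pep517/pep517_0.13.0-2.debian.tar.xz">[pep517_0.13.0-2.debian.tar.xz]</a></li>
  <li><a href="https://packages.debian.org/bookworm/python3-pep517">package page</a></li>
  <li><a href="/bookworm/python/">relative link</a></li>
  <li><a href="HTTP://deb.debian.org/debian/pool/main/p/pep517/">pool directory</a></li>
</ul>
"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> element (hypothetical helper)."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href.strip())


def find_cleartext_links(html, hosts=("deb.debian.org",)):
    """Return (original, https_form) for each http:// link to a listed host."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href in parser.hrefs:
        parts = urlsplit(href)
        # urlsplit lowercases the scheme and .hostname, so "HTTP://" is caught.
        if parts.scheme == "http" and parts.hostname in hosts:
            findings.append((href, urlunsplit(parts._replace(scheme="https"))))
    return findings


if __name__ == "__main__":
    for old, new in find_cleartext_links(SAMPLE_HTML):
        print(f"cleartext: {old}\n  suggest: {new}")
```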