I don't think certificates are necessary here: we could permit any https without any certificate checking, and still have an improvement, with no additional dangers over using http. For example, you would remain vulnerable to DNS spoofing or man-in-the-middle problems, but you would not be subject to the exposure of secret information in packages. (There are plenty of cases where a link is sniffable but not pwnable.)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/833994 Title: debian-installer does not support https when using with preseed files To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler-enlist/+bug/833994/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs