I can't believe HTTPS hasn't been switched on in the 2.5 years since this bug was reported. It's a commonsense move that even Linus has made. There are truly no arguments against it. It's farcical to report kernel signatures, but then not provide either the package or the signature over a secure transport. What's the point in signing it at all? Kernel.org is distributing the releases over an HTTPS CDN with no problems, and Ubuntu is way behind the times on this.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1464064 Title: Ubuntu apt repos are not available via HTTPS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1464064/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
