On Mon, Dec 25, 2017 at 08:46:16PM -0000, Victoid wrote: > There are truly no arguments against it.
Yes there are. See comment 6, for example. > What's the point in signing it at all? To prevent malicious code injection. Fixed security bugs aside (whether in openssl or in apt/gpg signing), the current security mechanism works as designed. Adding HTTPS as an additional layer would be nice, which is why this bug remains open. But the sky is not falling. Please stop ignoring the other arguments already made in this bug and pretend that it is. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1464064 Title: Ubuntu apt repos are not available via HTTPS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1464064/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
