Bug #34116
open
Manual 3.0: Debian/Ubuntu installation instructions use "http://"
Added by Dirk Heinrichs about 3 years ago.
Updated about 2 years ago.
Description
In the sources.list file, the URL should start with "https://" instead of "http://". Since the instructions for getting the signing key already use "https://" that should be possible for the packages too (and no, there's no need to install "apt-transport-https" anymore on the supported versions of Debian/Ubuntu ;-) ).
Manual for 3.2 still tells the users to use http instead of https.
... and so does 3.3.
Are documentation bugs getting fixed at all in this project?
I would not necessarily call it a bug. As far as security is concerned APT repositories do not rely on the used transport-protocol.
Downloading the public-key is IMHO the only request you really need to do via HTTPS (and if you have a secure source to get the public-key's fingerprint from, even that can be done using HTTP).
If you can trust the GPG-key used to sign the repository metadata and the used checksum-algorithms then you can trust the content of the APT repository.
Also available in: Atom
PDF
Updated by 
Updated by