Given bugs like CVE-2016-1252 https://www.debian.org/security/2016/dsa-3733, I think it is now quite clear that apt package archives should always use HTTPS. Right now, all of the Ubuntu repo sections are available via HTTPS:
* https://spout.ussg.indiana.edu/linux/ubuntu * https://mirrors.kernel.org/ubuntu * https://mirror.cse.unsw.edu.au/pub/ubuntu-releases/
Given bugs like CVE-2016-1252 https:/ /www.debian. org/security/ 2016/dsa- 3733, I think it is now quite clear that apt package archives should always use HTTPS. Right now, all of the Ubuntu repo sections are available via HTTPS:
* https:/ /spout. ussg.indiana. edu/linux/ ubuntu /mirrors. kernel. org/ubuntu /mirror. cse.unsw. edu.au/ pub/ubuntu- releases/
* https:/
* https:/