@paigerduty Very often Linux mirrors are HTTP-only so that organizations can put a caching proxy in front of them. That would be harder to do when the traffic is encrypted.
@sysadmind @paigerduty Just to clarify though, the packages are checksummed, and the checksum file is GPG-signed. And like with other apt-based distros, you can enable HTTPS with the `apt-transport-https` package.
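
An added example, not part of either post above: a sketch of the hash chain the second reply describes, where a signed Release file lists the SHA256 of the Packages index and the index lists the SHA256 of each `.deb`. It assumes the Release text has already passed signature verification (for example with `gpgv`); the repository data, paths and function names are constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def release_hashes(release_text: str) -> dict:
    """Parse the SHA256: section of a Release file into {path: (hash, size)}."""
    out, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            out[path] = (digest, int(size))
        elif in_section:
            break  # the next top-level field ends the section
    return out

def package_hashes(packages_text: str) -> dict:
    """Parse a Packages index into {Filename: SHA256}."""
    out = {}
    for stanza in packages_text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        out[fields["Filename"]] = fields["SHA256"]
    return out

def verify_deb(release_text, index_path, packages_bytes, deb_path, deb_bytes) -> bool:
    """Assumes release_text already passed signature verification (e.g. gpgv)."""
    digest, size = release_hashes(release_text)[index_path]
    if len(packages_bytes) != size or sha256(packages_bytes) != digest:
        return False  # index was altered between mirror/proxy and client
    expected = package_hashes(packages_bytes.decode())[deb_path]
    return sha256(deb_bytes) == expected

# Constructed sample data (not a real repository).
DEB = b"constructed .deb contents"
DEB_PATH = "pool/main/d/demo/demo_1.0_amd64.deb"
PACKAGES = (f"Package: demo\nVersion: 1.0\nFilename: {DEB_PATH}\n"
            f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n").encode()
INDEX = "main/binary-amd64/Packages"
RELEASE = (f"Origin: Example\nSuite: stable\nSHA256:\n"
           f" {sha256(PACKAGES)} {len(PACKAGES)} {INDEX}\n")

def demo():
    ok = verify_deb(RELEASE, INDEX, PACKAGES, DEB_PATH, DEB)
    tampered = verify_deb(RELEASE, INDEX, PACKAGES, DEB_PATH, DEB + b"!")
    return ok, tampered  # a modified package fails even over plain HTTP
```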