Comment 10 for bug 1464064

some further relevant discussion: https://www.reddit.com/r/Ubuntu/comments/3q53kc/list_of_ubuntu_repository_mirrors_available_over/

I'd like to pitch in with my own story as to why I would like to have https mirrors, at least as an option. I frequently go to a country with one of the crappiest internet connection on earth. The local telco duopoly is doing things beyond stupid to keep the network from totally breaking down. One of this seems to be broken transparent mandatory caches with incorrect blobs for all kinds of things. Packages I download are frequently corrupted which sucks hard because then I have to remove the deb from /var/cache/apt/archive, fetch it manually over ssh from my server at home and pay for the data transfer again (which is expensive here). If I were able to use https, they couldn't fiddle with my connection as they currently do. For normal browsing I've already resorted to socksifying almost everything.

The arguments about MITM are very real, although in my case I don't believe it's a malignent attacker, but simply a lazy and incompetent telco.