© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Whether HTTPS should be used by default or not should be left up to the mirror operators, in my opinion. They are the ones that would have to purchase and maintain the SSL certificates (unless they use a free CA like Lets Encrypt). However, for the mirrors that DO support HTTPS, it should at least be properly listed and supported in the "Software & Updates" GUI. The "Choose a Download Server" screen has a selection box for protocol, but it only ever has HTTP as an option. This makes me wonder why it even exists, because it even shows HTTP when I select an FTP mirror. (unless it's supposed to change, and I somehow broke it)
There's even a question about this from 3 years ago: https:/
I'm probably oversimplifying this by a lot, but couldn't we just change the mirror registration page[1] to include an HTTPS option, review it to make sure it works, and let the users choose that protocol?
[1] https:/