Comment 19 for bug 1464064

I can't believe HTTPS hasn't been switched on in the 2.5 years since this bug was reported. It's a commonsense move that even Linus has made. There are truly no arguments against it. It's farcical to report kernel signatures, but then not provide either the package or the signature over a secure transport. What's the point in signing it at all? Kernel.org is distributing the releases over an HTTPS CDN with no problems, and Ubuntu is way behind the times on this.