I noticed that the Ubuntu Software Updates downloads updates on port 80 and not by secure socket layer. Can I force the updates to certificate driven downloads for increased security by editing the `sources.list' file. I could always try first but I thought I'd ask.
Also, I noticed that by default there are un-trusted certificates in the Chromium browser. Should I have anything to worry about?
If you specify https://url in /etc/apt/sources.list and /etc/apt/sources.list.d/*, then APT will use HTTPS.
aptverifies the signature of packages. So you do not need to have a form of transportation like apt-transport-https that provides data authentication. If an attacker modifies the files you're downloading, this will be noticed. Using a signature verification is better than using an HTTPS connection, because it will detect an attack on the server you're downloading from, not just an attack in transit.
