I always see instructions for adding the Universe and Multiverse repositories that look something like the following:
sudo add-apt-repository -y "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) main universe restricted multiverse"
Recently I tried editing this to use HTTPS instead and was dismayed to find that archive.ubuntu.com doesn't appear to respond to HTTPS. Now I wonder how feasible it would be, or what damage could be done, if an attacker were to successfully perform a man-in-the-middle attack here?
Am I being too paranoid, considering the role these repositories perform on a system?
