0

I'm fairly new to Ubuntu, and just realised that all my ppa's I've been adding are http only

Are there plans for https support in the future?

Peter Souter
  • 103
  • Highly unlikely, for the same reasons as in http://askubuntu.com/questions/352952/are-repository-lists-secure-is-there-an-https-version – muru Mar 07 '17 at 12:12
  • @DavidFoerster Thats for the Ubuntu repository lists, that doesn't apply to PPA's does it? – Peter Souter Mar 07 '17 at 13:48
  • It applies to PPAs as well if the maintainer signs the published packages which is usually the case. – David Foerster Mar 07 '17 at 14:01
  • @DavidFoerster You can't upload an unsigned package to a PPA. Signature is mandatory. So it is not "usually" the case. It is always the case. – Pilot6 Mar 07 '17 at 18:33
  • @Pilot6: AFAIK that's true for Launchpad PPAs but not all Apt-compatible package repositories in general. – David Foerster Mar 07 '17 at 18:51
  • @DavidFoerster The question was about PPAs, that's Launcpad. And I don't think that apt allows to install unsigned packages from anywhere. – Pilot6 Mar 07 '17 at 18:54
  • @Pilot6: I see you haven't discovered the --allow-unauthenticated option yet. :-] – David Foerster Mar 07 '17 at 22:43

1 Answers1

0

There is no need in https because all packages in PPA are signed with GPG.

So it does not matter where do you download the packages from if you are sure that they are authentic.

Pilot6
  • 90,100
  • 91
  • 213
  • 324