id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking	branch_state	votes
4570	Use HTTPS for OSU OSL mirrors	krekhov		"Hello, are there any administrators of http://ftp.midnight-commander.org/ here? I was looking at the output of the `lintian` utility of the `mc` package in Debian, and I noticed the following:

-> debian-watch-uses-insecure-uri [debian/watch]

The `debian/watch` file of the `mc-4.8.31` package looks like this:
version=3
http://ftp.midnight-commander.org/mc-([\d\.]+)\.tar\.xz

An insecure connection (HTTP) is used, no HTTPS. I want to point out:

1. HTTPS ensures that the data has not been modified in transit. This is especially important for packages, to ensure that they have not been tampered with or modified.

2. HTTPS ensures that you are connecting to the real server, and not some fake site. This helps prevent man-in-the-middle (MITM) attacks.

3. Although the packages may be publicly available, using HTTPS prevents monitoring and tracking of exactly which packages you download. This protects your privacy.

Could you use HTTPS? It's more secure."	enhancement	new	major	Future Releases	adm							no branch