I wish I could trust the packages I am supposedly downloading from Ubuntu servers are exactly what I think they are. But ...
...
Hit:1 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:5 http://security.ubuntu.com/ubuntu xenial-security InRelease [94,5 kB]
Hit:6 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:10 http://archive.ubuntu.com/ubuntu xenial-backports InRelease
...
It's all clear text and unauthenticated traffic.
Why isn't Ubuntu using HTTPS by default when accessing software repositories? Which reasons can there be to keep this situation?
