Why does APT not use HTTPS?

In the ever changing world of technology, people often rush to get the latest. Hype for new features, improved performance and security is everywhere, and anybody rarely stops to think about things in depth.

Use the best tool for the job, they say. And the latest is always the best.

In that, I found it surprising that APT (advanced packaging tool) used for a variety of popular Linux distributions, such as Debian, does not use HTTPS, no matter how much people push for it. For all the arguments of HTTP/2 performance and Let’s Encrypt free certificates, APT developers have their own counterarguments.

Why does APT not use HTTPS?” is a simple website that explains the reasons behind that decision. And they kind of make a lot of sense for their particular use case.

Leave a Comment