Add apt-transport-https package

[Pamplemousse]

... to allow https urls in sources lists.

Fixes #55 .

[Pamplemousse]

Hey @tianon, @yosifkit,

Any feedback or chances of seeing this being merge?

Cheers,

[yosifkit]

My initial reaction is "unlikely" to be merged. My opinion is that since https isn't used on the base mirrors, it shouldn't be added until necessary. It does not increase trust in the provider of the packages, but does hide metadata from snooping 3rd parties. Users generally know that when they add an apt repo with https they also need to install apt-transport-https.

I would rather see this as a default package at the distribution level and all apt repos to be moved to https.

cc @tianon

[tianon]

Yeah, I definitely agree that this doesn't seem like something in the spirit of buildpack-deps: (from https://hub.docker.com/_/buildpack-deps/)

The main tags of this image are the full batteries-included approach. With them, a majority of arbitrary gem install / npm install / pip install should be successful without additional header/development packages.

I don't think there are any/many gem/npm/pip packages which pull in APT packages themselves. :confused:

[Pamplemousse]

Ok, I understand your points.

You may want to close #55 as well.