Make it possible to use HTTPS to access the actual apt repository.
Currently enabling intoto is by changing sources.list entry, for example:
from: deb https://deb.debian.org/debian bullseye main
to: deb intoto://deb.debian.org/debian bullseye main
Current behavior:
When enabling intoto this way, deb.debian.org is accessed via HTTP, not HTTPS.
Expected behavior:
A way to specify whether the repository should use HTTP or HTTPS. Maybe "intotos" symlink to "intoto", similar to "https" -> "http" symlink (plus, obviously appropriate handling in intoto.py)?
Description of issue or feature request:
Make it possible to use HTTPS to access the actual apt repository. Currently enabling intoto is by changing sources.list entry, for example: from:
deb https://deb.debian.org/debian bullseye main
to:deb intoto://deb.debian.org/debian bullseye main
Current behavior:
When enabling intoto this way,
deb.debian.org
is accessed via HTTP, not HTTPS.Expected behavior:
A way to specify whether the repository should use HTTP or HTTPS. Maybe "intotos" symlink to "intoto", similar to "https" -> "http" symlink (plus, obviously appropriate handling in intoto.py)?