These are the default main debian repository https://wiki.debian.org/SourcesList: (without TLS)
Code: Select all
deb http://deb.debian.org/debian buster main
#deb-src http://deb.debian.org/debian buster main
deb http://deb.debian.org/debian buster-updates main
#deb-src http://deb.debian.org/debian buster-updates main
deb http://deb.debian.org/debian-security/ buster/updates main
#deb-src http://deb.debian.org/debian-security/ buster/updates main
the problem is lmde using debian security repo without TLS security.debian.org, this is not the default repo for debian distros nor it support TLS.
using https add another layer of security to the connection and avoid traffic manipulation:
https://github.com/QubesOS/qubes-issues/issues/4415
-------
Another level of security which using Onion repositories, but i think TLS is enough for the end user: (apt-transport-tor package needed to be pre-installed before adding onion repos)
https://blog.torproject.org/debian-and- ... n-services