
Re: HTTPS needs to be implemented for updating



Christoph Moench-Tegeder:
> ## gwmfms06@unseen.is (gwmfms06@unseen.is):
>
>> What with Let's Encrypt now active, there is no excuse to not move
>> everything to HTTPS for updating.
>
> 1. Bandwidth. It's fairly easy to proxy/cache HTTP, but HTTPS prevents
>     that (unless you break HTTPS). This not only affects the server
>     side (I have no idea about the amount of "traffic saved" for Debian),
>     but also sites running multiple machines with Debian installed.
>     Setting up a mirror is more work than just running a squid.
> 2. That brings us to: Mirrors. There's quite a bunch of them, and
>     I'm quite sure that some of them (even primary mirrors) are not
>     "Debian Project hardware". That way it's not just "throw a switch
>     and everything is SSL", and it even creates some interesting
>     questions like third parties (those non-Debian mirror admins)
>     having access to debian.org SSL keys.
>
> First point is an inconvenience, second point requires a lot of work
> to resolve.

There could be https mirrors as well as non-https mirrors.

Each individual / company could decide to use a non-https mirror if they so prefer.

(Some https mirrors are already available, for example mirrors.kernel.org)

Cheers


