[snuxoll]

The -release RPM (which contains the yum repository configuration + GPG signing key) for any RedHat family distros is available over HTTPS. Check any of the links on this page http://yum.postgresql.org/repopackages.php#pg95 - all available over HTTPS.

The GPG signing key used by the apt repo for Debian and derivatives is also served over HTTPS @ https://www.postgresql.org/media/keys/ACCC4CF8.asc, and the instructions for use direct you to install it as such.

It literally matters not at this point whether downloads are delivered over HTTPS or not outside of anonymity (which is almost moot, because you are obviously downloading PostgreSQL or the few related packages in these repositories) since package signatures are verified.